PT-2025-15512 · Microsoft · Windows Rdp Client+1

Published

2025-04-08

Updated

2025-04-10

CVE-2025-26670

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Windows LDAP versions prior to the fixed version

Description: The issue is related to a use after free vulnerability in the Windows LDAP protocol, allowing an unauthorized attacker to execute code over a network. This vulnerability enables remote attackers to execute arbitrary code and affect the system.

Recommendations: For Windows LDAP versions prior to the fixed version, update to the latest version that includes the security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems. As a temporary workaround, consider restricting access to the LDAP protocol to minimize the risk of exploitation.

Fix

RCE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-04054

CVE-2025-26670

Affected Products

Windows

Windows Rdp Client

PT-2025-15512 · Microsoft · Windows Rdp Client+1

CVE-2025-26670

Weakness Enumeration

Related Identifiers

Affected Products

References · 12