PT-2026-22010 · Freerdp+2

Ehdgks0627 · Published 2026-01-01 · Updated 2026-05-22 · CVE-2026-25953

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.23.0

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the xf_AppUpdateWindowFromSurface function where it reads from a freed xfAppWindow. This occurs because the RDPGFX DVC thread obtains a bare pointer via xf_rail_get_window without proper lifetime protection, while the main thread can concurrently delete the window.

Recommendations: Update to version 3.23.0 or later.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-04147
CVE-2026-25953
GHSA-P6RQ-RXPC-RH3P
OESA-2026-2439
OESA-2026-2440
OESA-2026-2441
OESA-2026-2442
OPENSUSE-SU-2026:10408-1
OPENSUSE-SU-2026:20632-1
OPENSUSE-SU-2026:20657-1
SUSE-SU-2026:1632-1
SUSE-SU-2026:1633-1
SUSE-SU-2026:1634-1
SUSE-SU-2026:1635-1
SUSE-SU-2026:1640-1
SUSE-SU-2026:21436-1
USN-8105-1

Affected Products

Freerdp
Linuxmint
Ubuntu