PT-2026-22012 · Freerdp+3

Ehdgks0627

·

Published

2026-01-01

·

Updated

2026-06-15

·

CVE-2026-25955

CVSS v2.0

10

Critical

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.23.0
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. A use-after-free exists in the X11 client's xf_AppUpdateWindowFromSurface function: the cached XImage's data pointer aliases an RDPGFX surface buffer, and gdi_DeleteSurface frees surface->data without invalidating the appWindow->image that aliases it, so a later window update reads through a dangling pointer into freed memory.
Recommendations: Update to version 3.23.0 or later.
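As an added illustration, not code from FreeRDP or from the advisory: a compact C model of the aliasing pattern the description outlines, with the vulnerable delete beside a hardened one. Every type and function name here (gfx_surface, cached_image, app_window, gdi_context, delete_surface_vulnerable, delete_surface_hardened, update_window_from_surface, run_lifecycle) is a hypothetical stand-in for the RDPGFX surface, the cached XImage, the appWindow and the gdi/xf functions named above; the hardened delete and the liveness check in the update path are illustrative defenses, not a reproduction of the 3.23.0 patch.

```c
/* Model of the aliasing bug in the description: a window caches an image whose data
 * pointer points into a surface buffer, and deleting the surface frees that buffer
 * without clearing the alias. Hypothetical types and names, not FreeRDP's code. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SURFACES 8

typedef struct { uint16_t id; uint32_t width, height; uint8_t *data; } gfx_surface;  /* owns data */
typedef struct { uint8_t *data; uint32_t width, height; } cached_image;  /* data aliases a surface, not owned */
typedef struct { cached_image *image; uint16_t surface_id; } app_window;  /* image is NULL when nothing is cached */
typedef struct { gfx_surface *surfaces[MAX_SURFACES]; app_window *window; } gdi_context;

static gfx_surface **find_surface(gdi_context *gdi, uint16_t id)
{
    for (int i = 0; i < MAX_SURFACES; i++)
        if (gdi->surfaces[i] && gdi->surfaces[i]->id == id) return &gdi->surfaces[i];
    return NULL;
}

static gfx_surface *create_surface(gdi_context *gdi, uint16_t id, uint32_t w, uint32_t h)
{
    for (int i = 0; i < MAX_SURFACES; i++) {
        if (gdi->surfaces[i]) continue;
        gfx_surface *s = calloc(1, sizeof *s);
        if (!s) return NULL;
        s->id = id; s->width = w; s->height = h;
        s->data = calloc((size_t)w * h, 4);            /* 32bpp pixels */
        if (!s->data) { free(s); return NULL; }
        gdi->surfaces[i] = s;
        return s;
    }
    return NULL;
}

/* The cached image borrows the surface buffer instead of copying it. */
static int cache_window_image(app_window *win, const gfx_surface *s)
{
    cached_image *img = calloc(1, sizeof *img);
    if (!img) return -1;
    img->data = s->data; img->width = s->width; img->height = s->height;
    free(win->image);
    win->image = img;
    win->surface_id = s->id;
    return 0;
}

/* Vulnerable pattern: buffer freed, cached alias left in place. */
static void delete_surface_vulnerable(gdi_context *gdi, uint16_t id)
{
    gfx_surface **slot = find_surface(gdi, id);
    if (!slot) return;
    free((*slot)->data);                               /* win->image->data now dangles */
    free(*slot);
    *slot = NULL;
}

/* Hardened: invalidate any cached image aliasing the buffer before freeing it. */
static void delete_surface_hardened(gdi_context *gdi, uint16_t id)
{
    gfx_surface **slot = find_surface(gdi, id);
    if (!slot) return;
    app_window *w = gdi->window;
    if (w && w->image && w->image->data == (*slot)->data) { free(w->image); w->image = NULL; }
    free((*slot)->data);
    free(*slot);
    *slot = NULL;
}

/* Update path: bytes it would copy, or -1 if there is no cached image or its surface is
 * gone. Without that liveness check the read below is the use-after-free. */
static long update_window_from_surface(gdi_context *gdi, app_window *win)
{
    if (!win->image) return -1;
    gfx_surface **slot = find_surface(gdi, win->surface_id);
    if (!slot || (*slot)->data != win->image->data) return -1;
    volatile uint8_t first = win->image->data[0];      /* safe: buffer verified live */
    (void)first;
    return (long)win->image->width * win->image->height * 4;
}

/* One create/cache/delete/update cycle. Returns 1 if the cached alias survived the
 * delete (dangling pointer), 0 if it was invalidated, negative on a setup failure. */
static int run_lifecycle(int hardened)
{
    gdi_context gdi; memset(&gdi, 0, sizeof gdi);
    app_window win = { NULL, 0 };
    gdi.window = &win;
    gfx_surface *s = create_surface(&gdi, 7, 4, 2);    /* constructed 4x2 sample surface */
    if (!s || cache_window_image(&win, s) != 0) return -1;
    if (update_window_from_surface(&gdi, &win) != 32) return -2;
    if (hardened) delete_surface_hardened(&gdi, 7);
    else          delete_surface_vulnerable(&gdi, 7);
    if (update_window_from_surface(&gdi, &win) != -1) return -3;   /* guard must refuse */
    int dangling = win.image != NULL;
    free(win.image);                                   /* the struct only; data is not ours */
    return dangling;
}
```

run_lifecycle(0) returns 1 because the vulnerable delete leaves win.image pointing at freed memory, while run_lifecycle(1) returns 0 because the hardened delete clears the alias first. The liveness check in update_window_from_surface is what keeps the vulnerable cycle from dereferencing the dangling pointer here; remove that check, build with -fsanitize=address, and the vulnerable cycle reports a heap-use-after-free read at the `first` line, which is the same bug class the advisory describes.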

Exploit · Fix · DoS · RCE · Use After Free


Weakness Enumeration

Related Identifiers

BDU:2026-04149
CVE-2026-25955
GHSA-4G54-X8V7-559X
OPENSUSE-SU-2026:10408-1
OPENSUSE-SU-2026:20657-1
SUSE-SU-2026:1633-1
SUSE-SU-2026:21436-1
USN-8105-1

Affected Products

Freerdp
Linuxmint
Red Os
Ubuntu