
CVE-2025-26645: CWE-23: Relative Path Traversal in Microsoft Remote Desktop client for Windows Desktop

Severity: High
Tags: Vulnerability, CVE-2025-26645, cve, cve-2025-26645, cwe-23, cwe-284
Published: Tue Mar 11 2025 (03/11/2025, 16:59:25 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Remote Desktop client for Windows Desktop

Description

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/14/2026, 09:09:18 UTC

Technical Analysis

CVE-2025-26645 is a vulnerability classified under CWE-23 (Relative Path Traversal) affecting Microsoft Remote Desktop client for Windows Desktop, specifically version 1.2.0.0. The flaw arises from improper validation of file paths within the client software, allowing an attacker to manipulate relative paths to access or overwrite files outside the intended directory scope. This can lead to arbitrary code execution remotely over the network without requiring prior authentication (PR:N) but does require user interaction (UI:R), such as opening a malicious RDP file or connecting to a compromised RDP server. The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H), making it critical for environments relying on Remote Desktop for remote access. The CVSS 3.1 score of 8.8 reflects the ease of exploitation over the network with low attack complexity and no privileges required. Although no public exploits are currently known, the vulnerability's nature and the widespread use of Microsoft Remote Desktop clients make it a significant threat. The vulnerability was reserved in February 2025 and published in March 2025, with no patch links currently available, indicating that remediation may still be pending or in progress. The CWE-23 classification highlights the root cause as insufficient sanitization of relative path inputs, a common vector for directory traversal attacks. This vulnerability could be exploited by attackers to execute arbitrary code, potentially leading to full system compromise, data theft, or disruption of services.

Potential Impact

For European organizations, the impact of CVE-2025-26645 is substantial due to the widespread use of Microsoft Windows and Remote Desktop clients for remote work, IT administration, and critical infrastructure management. Exploitation could lead to unauthorized access, data breaches, ransomware deployment, or disruption of essential services. Sectors such as finance, healthcare, government, and energy, which heavily rely on secure remote access, are particularly at risk. The vulnerability could facilitate lateral movement within networks, enabling attackers to escalate privileges and compromise additional systems. Given the high confidentiality, integrity, and availability impact, organizations may face operational downtime, financial losses, regulatory penalties under GDPR, and reputational damage. The requirement for user interaction means phishing or social engineering campaigns could be used to trick users into initiating the exploit, increasing the attack surface. The absence of known exploits currently provides a window for proactive mitigation before widespread attacks occur.

Mitigation Recommendations

1. Monitor Microsoft security advisories closely and apply official patches immediately once released to remediate the vulnerability.
2. Until patches are available, restrict or disable the use of Microsoft Remote Desktop client version 1.2.0.0 where possible, especially in high-risk environments.
3. Implement network-level protections such as VPNs, firewalls, and RDP gateways to limit exposure of Remote Desktop services to untrusted networks.
4. Employ endpoint protection solutions capable of detecting suspicious file system activity and code execution attempts related to path traversal exploits.
5. Educate users about the risks of opening unsolicited RDP files or connecting to unknown Remote Desktop servers to reduce the likelihood of user interaction exploitation.
6. Use application whitelisting and least privilege principles to limit the impact of potential code execution.
7. Conduct regular security audits and vulnerability assessments focusing on remote access infrastructure.
8. Consider deploying multi-factor authentication (MFA) for Remote Desktop access to add an additional security layer, even though this vulnerability does not require prior authentication.
9. Monitor network traffic for anomalies indicative of exploitation attempts, such as unusual file access patterns or unexpected process executions related to the Remote Desktop client.


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-02-12T19:23:29.269Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f81484d88663aeb3ac

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 2/14/2026, 9:09:18 AM

Last updated: 3/24/2026, 11:55:40 PM
