CVE-2025-48814 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) found in Microsoft Windows 10 Version 1607 (build 10.0.14393.0). The flaw resides in the Windows Remote Desktop Licensing Service, which is responsible for managing licenses for Remote Desktop Services sessions. The vulnerability allows an attacker to bypass authentication controls for a critical function within this service over the network, without requiring any privileges or user interaction. This means an unauthenticated remote attacker can potentially access or manipulate licensing functions that should be protected, potentially leading to unauthorized access to licensing data or enabling further attacks on the system. The CVSS v3.1 base score of 7.5 reflects a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is primarily on confidentiality (C:H), with no direct impact on integrity or availability. Although no exploits are currently known in the wild, the vulnerability's nature and ease of exploitation make it a significant risk. The affected product is an older Windows 10 version (1607), which is past mainstream support, increasing the risk for organizations still running this version. No patches are currently linked, indicating that mitigation may rely on workarounds or awaiting official updates from Microsoft.

For European organizations, this vulnerability poses a risk of unauthorized access to Remote Desktop Licensing Service functions, potentially exposing sensitive licensing information or enabling attackers to manipulate licensing mechanisms. This could facilitate further lateral movement or privilege escalation within affected networks. Organizations relying on legacy Windows 10 Version 1607 systems, especially in sectors with extensive use of Remote Desktop Services such as government, finance, healthcare, and critical infrastructure, are at higher risk. The confidentiality breach could lead to intellectual property theft or compliance violations under GDPR if sensitive data is exposed. Although no direct integrity or availability impact is indicated, the breach of licensing controls could indirectly affect service continuity or licensing compliance. The lack of required authentication and user interaction lowers the barrier for attackers, increasing the likelihood of exploitation if the vulnerability is exposed to untrusted networks. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

1. Immediately inventory and identify all systems running Windows 10 Version 1607 within the organization. 2. Apply any available security updates or patches from Microsoft as soon as they are released for this vulnerability. 3. If patches are not yet available, implement network-level controls to restrict access to the Remote Desktop Licensing Service, such as firewall rules limiting inbound connections to trusted management networks only. 4. Disable the Remote Desktop Licensing Service on systems where it is not required to reduce the attack surface. 5. Employ network segmentation to isolate legacy systems from critical infrastructure and sensitive data stores. 6. Monitor network traffic for unusual or unauthorized access attempts targeting Remote Desktop Licensing Service ports. 7. Consider upgrading affected systems to a supported Windows version to benefit from ongoing security updates and support. 8. Educate IT staff about the vulnerability and ensure incident response plans include detection and mitigation steps for exploitation attempts related to this vulnerability.