This vulnerability in RD Station involves improper control over code generation, specifically allowing remote code inclusion. The issue affects all versions up to 5.6.0. The CVSS 3.1 base score is 9.9 (critical), indicating network attack vector, low attack complexity, requiring low privileges, no user interaction, and resulting in complete compromise of confidentiality, integrity, and availability. The vendor has not yet provided an official fix or remediation guidance, and no exploits have been reported in the wild.

Successful exploitation allows remote attackers with low privileges to execute arbitrary code on the affected system, leading to full compromise of confidentiality, integrity, and availability of the RD Station environment. This can result in unauthorized data access, modification, and service disruption.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to RD Station instances and monitor for unusual activity related to code execution attempts. Avoid exposing the affected versions to untrusted networks where possible.