FreeRDP Vulnerability CVSS 7.3 Enables Remote Attack
Summary
CERT-Bund has issued advisory WID-SEC-2026-1250 alerting to a vulnerability in Open Source FreeRDP versions prior to 3.25.0. The flaw carries a CVSS Base Score of 7.3 (high) and a CVSS Temporal Score of 6.4 (medium), with remote attack confirmed as feasible. Affected platforms include Linux, UNIX, Windows, and other systems running the FreeRDP Remote Desktop Protocol implementation. Organizations should apply available mitigations and upgrade to version 3.25.0 or later.
“Ein Angreifer kann eine Schwachstelle in FreeRDP ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.”
Organizations with FreeRDP deployments on Linux, UNIX, or Windows systems face immediate exposure to a confirmed remote-attack vulnerability. Security teams should inventory FreeRDP installations, prioritize patching to version 3.25.0, and apply compensating controls (network segmentation, RDP access restrictions) where updates cannot be deployed promptly. CVE reference and version history links in the advisory should be monitored for additional technical detail as it becomes available.
About this source
CERT-Bund is the German federal cybersecurity agency's incident response team, run by the BSI. Their advisory feed publishes vulnerability disclosures and active exploitation warnings for software in widespread enterprise use: VPN appliances, email servers, file transfer products, ERP systems, browsers, hypervisors. Around 280 advisories a month, each with a CVSS score, affected versions, and remediation guidance. The advisories are written in German but cover the same vulnerabilities that show up in CISA, NCSC-UK, and JPCERT bulletins, often hours earlier. Watch this if you patch enterprise software, run a SOC, or write detection rules. GovPing publishes each advisory with the affected vendor, CVSS score, and original CERT-Bund link.
What changed
CERT-Bund published security advisory WID-SEC-2026-1250 disclosing a vulnerability in Open Source FreeRDP (<3.25.0) with a CVSS Base Score of 7.3 (high) and confirmed remote attack vector. The vulnerability affects all major operating system platforms including Linux, UNIX, and Windows.
Organizations running FreeRDP should immediately assess their exposure, apply available patches to upgrade to version 3.25.0 or later, and implement mitigations where immediate patching is not feasible. Security teams should monitor CERT-Bund feeds for further updates and CVE references as they become available.
Archived snapshot
Apr 23, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1250] FreeRDP: Schwachstelle ermöglicht nicht spezifizierten Angriff CVSS Base Score 7.3 (hoch) CVSS Temporal Score 6.4 (mittel) Remoteangriff ja Datum 22.04.2026 Stand 23.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Linux
- Sonstiges
- UNIX
- Windows
Produktbeschreibung
FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).
Produkte
22.04.2026
- Open Source FreeRDP <3.25.0
Angriff
Angriff
Ein Angreifer kann eine Schwachstelle in FreeRDP ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.