Microsoft Remote Desktop Client — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Remote Desktop Client, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2019-0887 — CVSS 8.0 (high): A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated…
CVE-2025-27487 — CVSS 8.0 (high): Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
CVE-2025-32715 — CVSS 6.5 (medium): Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.