CVE-2025-48814
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-08

Last updated on: 2025-07-15

Assigner: Microsoft Corporation

Description
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Affected Vendors & Products
Vendor Product Version
microsoft windows_10_1607 to 10.0.14393.8246 (exc)
microsoft windows_10_1607 to 10.0.14393.8246 (exc)
microsoft windows_10_1809 to 10.0.17763.7558 (exc)
microsoft windows_10_1809 to 10.0.17763.7558 (exc)
microsoft windows_10_21h2 to 10.0.19044.6093 (exc)
microsoft windows_10_22h2 to 10.0.19045.6093 (exc)
microsoft windows_11_22h2 to 10.0.22621.5624 (exc)
microsoft windows_11_23h2 to 10.0.22631.5624 (exc)
microsoft windows_11_24h2 to 10.0.26100.4652 (exc)
microsoft windows_server_2008 r2
microsoft windows_server_2012 *
microsoft windows_server_2012 r2
microsoft windows_server_2016 to 10.0.14393.8246 (exc)
microsoft windows_server_2019 to 10.0.17763.7558 (exc)
microsoft windows_server_2022 to 10.0.20348.3932 (exc)
microsoft windows_server_2022_23h2 to 10.0.25398.1732 (exc)
microsoft windows_server_2025 to 10.0.26100.4652 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a missing authentication issue in the Windows Remote Desktop Licensing Service. It allows an unauthorized attacker to bypass a security feature over a network, meaning the attacker can access or interact with the service without proper authentication.


How can this vulnerability impact me? :

The vulnerability can impact you by allowing unauthorized attackers to bypass security controls in the Windows Remote Desktop Licensing Service remotely. This could lead to unauthorized access to licensing functions or related services, potentially compromising system security or licensing integrity.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2025-07-08
CVE Last Modified Date:
2025-07-15
Report Generation Date:
2026-04-01
AI Powered Q&A Generation:
2025-07-08
EPSS Last Evaluated Date:
2026-03-31
NVD Report Link:
EUVD Report Link: