CVE-2023-24905 HIGH

CVE-2023-24905: Remote Desktop Client Remote Code Execution Vulnerability

Vendor Microsoft
Product Windows 10 Version 20H2
Weakness CWE-284
Published May 9, 2023
Last update July 10, 2025
View on NVD All CVEs

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Remote Desktop Client Remote Code Execution Vulnerability

Key dates

02Disclosure timeline

May 9, 2023 CVE published
July 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-5428 juzaweb CMS Error Logs Page log-viewer access control CVE-2024-10124 Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation CVE-2026-22728 sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations CVE-2024-0795 Create user API role not enforced CVE-2023-0012 Local Privilege Escalation in SAP Host Agent (Windows)