CVE-2026-40033

FreeRDP · FreeRDP

A security vulnerability exists in FreeRDP versions prior to 3.0 that may expose affected systems to unauthorized access.

Executive summary

Legacy versions of FreeRDP (prior to 3.0) contain a critical security vulnerability that requires immediate remediation.

Vulnerability

This is a high-severity vulnerability affecting versions prior to the 3.0 release. Specific technical details are limited; what is known is that the flaw lies in core protocol handling and could lead to unauthorized system access.

Business impact

As FreeRDP is a critical component for remote desktop connectivity, this vulnerability could allow an attacker to intercept sessions or compromise the underlying host system. The CVSS score of 8.8 justifies immediate action to prevent unauthorized access or remote code execution.

Remediation

Immediate Action: Upgrade all instances of FreeRDP to version 3.0 or the latest available stable release.

Proactive Monitoring: Monitor network traffic for anomalous RDP-related connections or unexpected session behavior.

Compensating Controls: Restrict RDP access to VPN-only tunnels and implement Multi-Factor Authentication (MFA) for all remote access points.
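The upgrade step above presumes you can tell which installed instances are still below 3.0. The following shell helper is an added example, not part of this advisory or of the FreeRDP project: it extracts the first dotted version token from a string such as the output of `xfreerdp --version` (the exact wording of that output is an assumption; the sample inputs below are constructed) and classifies anything with a major version below 3 as affected, so it can be dropped into an inventory script that runs across hosts.

```shell
# Added example, not from the advisory or the FreeRDP project.
# Assumption: the version appears as the first X.Y[.Z] token in the text
# passed in (e.g. "This is FreeRDP version 2.11.7 ...").  Versions with a
# major number below 3 are reported as affected per the advisory above.

# Print the first dotted numeric token found in the argument, if any.
freerdp_extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# Exit 0 if the version is below 3.0, 1 if 3.0 or later, 2 if no version
# could be parsed from the input.
freerdp_is_affected() {
    ver=$(freerdp_extract_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    [ "$major" -lt 3 ]
}

# One-line verdict for an inventory report.
freerdp_verdict() {
    rc=0
    freerdp_is_affected "$1" || rc=$?
    case $rc in
        0) printf 'AFFECTED (%s): upgrade to 3.0 or later\n' "$(freerdp_extract_version "$1")" ;;
        1) printf 'NOT AFFECTED (%s)\n' "$(freerdp_extract_version "$1")" ;;
        *) printf 'UNKNOWN: no version found in input\n' ;;
    esac
}

# Constructed sample inputs standing in for `xfreerdp --version` output.
freerdp_verdict "This is FreeRDP version 2.11.7 (constructed sample)"
freerdp_verdict "This is FreeRDP version 3.0.0 (constructed sample)"
freerdp_verdict "xfreerdp: command not found (constructed sample)"
```

On a real fleet, feed the function the captured output of the client binary on each host (or the package manager's reported version) rather than a literal string; a host that yields UNKNOWN should be treated as unverified rather than as patched.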

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations relying on FreeRDP for remote infrastructure management must prioritize the upgrade path to version 3.0. Failure to update leaves remote access infrastructure highly susceptible to exploitation.