FreeRDP Path Traversal Vulnerability in Drive Redirection

Vulnerability

A path traversal vulnerability has been identified in FreeRDP versions prior to 3.25.0. The issue arises from an off-by-one error in the path traversal filter of the drive channel's client-side file handling. It allows a rogue RDP server, via requests on the RDPDR (drive redirection) channel, to read, list, or write files one directory above the folder the client shares. Exploitation requires that the victim connect with drive redirection enabled.
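The defensive check at the heart of this class of bug is a containment filter on server-supplied paths. The following is an added illustration, not FreeRDP's code and not the patched function: a lexical normalizer for a relative RDPDR path that tracks directory depth and rejects any request that would step above the shared root. The function name `rdpdr_path_within_root` and the sample requests are assumptions made for the example. The comment on the `..` branch names the boundary where a one-off slip in the counter would let exactly one level of escape through.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 256

/*
 * Lexically normalize a server-supplied relative path (RDPDR uses backslash
 * separators; forward slashes are accepted too) and decide whether it stays
 * inside the client's shared root.
 *
 * Returns 1 and writes the normalized relative path (forward slashes, no
 * leading separator) to `out` when the path is contained; returns 0 when it
 * would step above the root or does not fit in `out`.
 *
 * The boundary that matters is the ".." handling at depth zero: the check
 * must reject at depth == 0. A counter that starts one too high, or a test
 * that only fires once the depth is already negative, lets exactly one ".."
 * through and yields a one-level escape, which is the bug class described
 * above. This function is an illustration, not FreeRDP's code.
 */
int rdpdr_path_within_root(const char *request, char *out, size_t out_len)
{
    size_t depth = 0;            /* directory components currently entered */
    size_t lens[MAX_DEPTH];      /* length of each kept component, popped on ".." */
    size_t pos = 0;              /* write position in out */
    const char *p = request;

    if (!request || !out || out_len == 0)
        return 0;
    out[0] = '\0';

    while (*p) {
        while (*p == '\\' || *p == '/')   /* skip separators */
            p++;
        if (!*p)
            break;

        const char *start = p;
        while (*p && *p != '\\' && *p != '/')
            p++;
        size_t n = (size_t)(p - start);

        if (n == 1 && start[0] == '.')    /* "." is a no-op */
            continue;

        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)              /* would leave the shared root: reject */
                return 0;
            depth--;
            pos -= lens[depth];          /* drop the last component ... */
            if (pos > 0)
                pos--;                   /* ... and the separator before it */
            out[pos] = '\0';
            continue;
        }

        if (depth >= MAX_DEPTH)
            return 0;
        if (pos + (pos ? 1 : 0) + n + 1 > out_len)
            return 0;
        if (pos)
            out[pos++] = '/';
        memcpy(out + pos, start, n);
        pos += n;
        out[pos] = '\0';
        lens[depth++] = n;
    }
    return 1;
}

/* Stand-alone demo over constructed sample requests (not captured traffic). */
int main(void)
{
    const char *samples[] = {
        "docs\\report.txt",           /* contained */
        "docs\\..\\report.txt",       /* contained: resolves to the root itself */
        "..\\secret.txt",             /* one level above the root: must be rejected */
        "docs\\..\\..\\secret.txt",   /* also one level above: must be rejected */
    };
    char out[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = rdpdr_path_within_root(samples[i], out, sizeof out);
        printf("%-28s -> %s %s\n", samples[i], ok ? "allow " : "reject", ok ? out : "");
    }
    return 0;
}
```

The check is purely lexical, which is what a client must do before it touches the filesystem: the decision has to be made on the request as received, since resolving it through the OS first is what grants the access the filter exists to prevent. Symbolic links inside the shared folder are a separate concern that this lexical check does not address.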

Impact

Exploitation of this vulnerability allows a rogue RDP server to access files one directory above the client's shared folder, bypassing the intended directory restrictions. This could lead to unauthorized access or modification of files.

Reproduction

To reproduce this vulnerability, connect a FreeRDP client older than 3.25.0, with drive redirection enabled, to a rogue RDP server. The server can then issue RDPDR I/O requests whose paths escape the shared drive root by one level, reaching files above the designated shared folder.

Remediation

Users can upgrade to FreeRDP version 3.25.0 or later, where this vulnerability has been patched.

Added: Apr 24, 2026, 3:22 AM
Updated: Apr 24, 2026, 3:22 AM

Vulnerability Rating

Custom Algorithm
  spread          5.4
  impact          1.3
  exploitability  5.6
  remediation     7.7
  relevance       6.6
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.