CVE-2025-66576

CRITICAL

Remote Keyboard Desktop 1.0.1 - Code Injection

Title source: llm

Description

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.

Exploits (1)

exploitdb WORKING POC

by Chokri Hammedi · pythonremotewindows

https://www.exploit-db.com/exploits/52299

View Code ZIP pw:eip

References (4)

[Product] https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare

[Product] https://remotecontrolio.web.app/

[Exploit] https://www.exploit-db.com/exploits/52299

[Third Party Advisory] https://www.vulncheck.com/advisories/remote-keyboard-desktop-101-remote-code-execution-rce

Scores

CVSS v3 9.8

EPSS 0.0078

EPSS Percentile 73.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

Remotecontrolio/Remote Keyboard Desktop 1.0.1

remotecontrolio/remote_keyboard_desktop 1.0.1

Published Dec 04, 2025

Tracked Since Feb 18, 2026