CVE-2026-25997

CRITICAL

FreeRDP <3.23.0 - Use After Free

Title source: llm
STIX 2.1

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reconnect) frees the array while the X11 event thread concurrently iterates it in `xf_clipboard_changed`, triggering a heap use after free. Version 3.23.0 fixes the issue.

References (9)

Core 9
Core References

Scores

CVSS v3 9.8
EPSS 0.0016
EPSS Percentile 36.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (1)
freerdp/freerdp < 3.23.0
Published Feb 25, 2026
Tracked Since Feb 26, 2026