CVE-2026-25954 | FreeRDP up to 3.22.x xf_rail_server_local_move_size use after free (GHSA-cc88-4j37-mw6j)

A vulnerability categorized as critical has been discovered in FreeRDP up to 3.22.x. This affects the function xf_rail_server_local_move_size. Such manipulation leads to use after free.

This vulnerability is traded as CVE-2026-25954. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More