Improper Certificate Validation in FreeRDP - #VU137825

 

Improper Certificate Validation in FreeRDP - #VU137825

Published: July 16, 2026


Vulnerability identifier: #VU137825
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeRDP
Affected software:
FreeRDP

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass TLS server certificate purpose validation.

The vulnerability exists due to improper certificate validation in tls_verify_certificate(), freerdp_certificate_verify(), and x509_utils_verify() when verifying the server certificate during the client-side TLS handshake. A remote attacker can present a trusted certificate that matches the target hostname but is valid only for client authentication to bypass TLS server certificate purpose validation.

Exploitation requires that the FreeRDP client trust the issuing certificate authority or chain and that the certificate hostname match the target.


Remediation

Install security update from vendor's website.

Sources