Remote Keyboard Desktop v1.0.1 - Remote Code Execution (RCE) | Advisories

Advisories

Remote Keyboard Desktop v1.0.1 - Remote Code Execution (RCE)

severity: high
date: December 4, 2025
Affecting: Remote Keyboard Desktop v1.0.1
CVE: CVE-2025-66576
CVE type: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 8.9
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
References: ExploitDB-52299
Vendor Homepage
Credit: Chokri Hammedi
Description: Remote Keyboard Desktop v1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.