{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66576", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-04T16:31:05.556Z", "datePublished": "2025-12-04T20:46:33.157Z", "dateUpdated": "2026-04-07T14:09:52.696Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Remote Keyboard Desktop", "vendor": "Remotecontrolio", "versions": [{"status": "affected", "version": "1.0.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Chokri Hammedi, github.com/blue0x1"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.</p>"}], "value": "Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.9, "baseSeverity": "HIGH", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:09:52.696Z"}, "references": [{"name": "ExploitDB-52299", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/52299"}, {"name": "Vendor Homepage", "tags": ["product"], "url": "https://remotecontrolio.web.app/"}, {"name": "Software Link", "tags": ["product"], "url": "https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/remote-keyboard-desktop-101-remote-code-execution-rce"}], "source": {"discovery": "UNKNOWN"}, "title": "Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)", "x_generator": {"engine": "vulncheck"}, "datePublic": "2025-05-21T00:00:00.000Z"}, "adp": [{"references": [{"url": "https://www.exploit-db.com/exploits/52299", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T17:42:25.349183Z", "id": "CVE-2025-66576", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T17:42:30.225Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66576", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-05T17:42:25.349183Z"}}}], "references": [{"url": "https://www.exploit-db.com/exploits/52299", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T17:42:12.305Z"}}], "cna": {"title": "Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Chokri Hammedi, github.com/blue0x1"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Remotecontrolio", "product": "Remote Keyboard Desktop", "versions": [{"status": "affected", "version": "1.0.1"}], "defaultStatus": "unaffected"}], "datePublic": "2025-05-21T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/52299", "name": "ExploitDB-52299", "tags": ["exploit"]}, {"url": "https://remotecontrolio.web.app/", "name": "Vendor Homepage", "tags": ["product"]}, {"url": "https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare", "name": "Software Link", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/remote-keyboard-desktop-101-remote-code-execution-rce", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.", "supportingMedia": [{"type": "text/html", "value": "<p>Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:09:52.696Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66576", "state": "PUBLISHED", "dateUpdated": "2026-04-07T14:09:52.696Z", "dateReserved": "2025-12-04T16:31:05.556Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-12-04T20:46:33.157Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:remotecontrolio:remote_keyboard_desktop:1.0.1:*:*:*:*:windows:*:*", "matchCriteriaId": "AE6865AF-201A-4236-BB55-070A6B6BEF91", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution."}], "id": "CVE-2025-66576", "lastModified": "2025-12-17T16:21:58.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-04T21:16:10.600", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://remotecontrolio.web.app/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/52299"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/remote-keyboard-desktop-101-remote-code-execution-rce"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/52299"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T20:57:16.534482+00:00", "value": {"mitigation_remediation": ["Upgrade Remote Keyboard Desktop to the latest patched release that removes the vulnerable rundll32.exe export.", "If a patch is not available, uninstall the application or block its execution using a Local Group Policy or AppLocker rule to prevent the exposed export from being called.", "Apply network segmentation or firewall rules to block remote access to the device, reducing the possibility of the vulnerable function being invoked from external locations."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Remotecontrolio Remote Keyboard Desktop version 1.0.1 running on Windows. No other versions or platforms are mentioned.", "description_and_impact": "Remote Keyboard Desktop 1.0.1 contains a flaw that lets an attacker execute arbitrary system commands without authentication. The deficiency lies in an exported function of rundll32.exe that can be invoked remotely, granting an attacker full control over the affected Windows machine and compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS score of 8.9 indicates a high severity. The EPSS score is less than 1%, indicating that exploitation attempts are currently very rare. The vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the vulnerable export without credentials, making remote code execution possible from any network that can reach the target."}}}}, "created": "2025-12-05T10:52:28.990227+00:00", "updated": "2026-04-22T21:00:06.371596+00:00", "vendors": ["remotecontrolio", "remotecontrolio$PRODUCT$remote_keyboard_desktop"]}