How to fix EUVD-2025-201265?

Within 24 hours: Identify all systems running Remote Keyboard Desktop 1.0.1 and isolate them from production networks if operationally feasible; alert all relevant teams and stakeholders. Within 7 days: Implement network-level access controls restricting inbound connections to affected systems; disable Remote Keyboard Desktop 1.0.1 if business operations permit, or restrict to trusted internal networks only with additional authentication. Within 30 days: Migrate to an alternative remote desktop solution that is actively maintained and patched, or await a vendor security update and apply immediately upon release.

Is Command Injection affected by EUVD-2025-201265?

Remote Keyboard Desktop 1.0.1 contains a critical vulnerability allowing unauthenticated attackers to execute arbitrary system commands on affected systems.

EUVD-2025-201265

| CVE-2025-66576 CRITICAL

2025-12-04 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201265

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 17, 2025 - 16:21 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 21:16 nvd

CRITICAL 9.8

Description

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.

Analysis

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution.

Technical Context

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).

Affected Products

Affected products: Remotecontrolio Remote Keyboard Desktop 1.0.1

Remediation

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.6

CVSS: +49

POC: +20

EUVD-2025-201265 vulnerability details – vuln.today

Back

EUVD-2025-201265

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-201265

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code