CVE-2025-29836

EUVD-2025-14429
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
microsoftCNA
6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.21014
microsoftwindows_10_1507
𝑥
< 10.0.10240.21014
microsoftwindows_10_1607
𝑥
< 10.0.14393.8066
microsoftwindows_10_1607
𝑥
< 10.0.14393.8066
microsoftwindows_10_1809
𝑥
< 10.0.17763.7314
microsoftwindows_10_1809
𝑥
< 10.0.17763.7314
microsoftwindows_10_21h2
𝑥
< 10.0.19044.5854
microsoftwindows_10_21h2
𝑥
< 10.0.19044.5854
microsoftwindows_10_21h2
𝑥
< 10.0.19044.5854
microsoftwindows_10_22h2
𝑥
< 10.0.19045.5854
microsoftwindows_10_22h2
𝑥
< 10.0.19045.5854
microsoftwindows_10_22h2
𝑥
< 10.0.19045.5854
microsoftwindows_11_22h2
𝑥
< 10.0.22621.5335
microsoftwindows_11_22h2
𝑥
< 10.0.22621.5335
microsoftwindows_11_23h2
𝑥
< 10.0.22631.5335
microsoftwindows_11_23h2
𝑥
< 10.0.22631.5335
microsoftwindows_11_24h2
𝑥
< 10.0.26100.4061
microsoftwindows_11_24h2
𝑥
< 10.0.26100.4061
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.8066
microsoftwindows_server_2019
𝑥
< 10.0.17763.7314
microsoftwindows_server_2022
𝑥
< 10.0.20348.3692
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.1611
microsoftwindows_server_2025
𝑥
< 10.0.26100.4061
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5058387
1607 (x64, x86)
KB5058383
1809 (x64, x86)
KB5058392
21H2 (arm64, x64, x86)
KB5058379
22H2 (arm64, x64, x86)
KB5058379
Windows 11
22H2 (arm64, x64)
KB5058405
23H2 (arm64, x64)
KB5058405
24H2 (arm64, x64)
KB5058411
Windows Server 2008
Service Pack 2 (x64, x86)
KB5058449
Service Pack 2 Server Core (x64, x86)
KB5058449
Windows Server 2008 R2
Service Pack 1 (x64)
KB5058454
Service Pack 1 Server Core (x64)
KB5058454
Windows Server 2012
Server Core
KB5058451
Standard
KB5058451
Windows Server 2012 R2
Server Core
KB5058403
Standard
KB5058403
Windows Server 2016
Server Core
KB5058383
Standard
KB5058383
Windows Server 2019
Server Core
KB5058392
Standard
KB5058392
Windows Server 2022
23H2 Server Core
KB5058384
Server Core
KB5058385
Standard
KB5058385
Standard
KB5058500
Windows Server 2025
Server Core
KB5058411
Standard
KB5058411
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29836