CVE-2025-54095

EUVD-2025-27370
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
microsoftCNA
6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_server_2008
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.8422
microsoftwindows_server_2019
𝑥
< 10.0.17763.7792
microsoftwindows_server_2022
𝑥
< 10.0.20348.4106
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.1849
microsoftwindows_server_2025
𝑥
< 10.0.26100.6508
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows Server 2008
Service Pack 2 (x64, x86)
KB5065511
Service Pack 2 Server Core (x64, x86)
KB5065511
Windows Server 2008 R2
Service Pack 1 (x64)
KB5065510
Service Pack 1 Server Core (x64)
KB5065510
Windows Server 2012
Server Core
KB5065509
Standard
KB5065509
Windows Server 2012 R2
Server Core
KB5065507
Standard
KB5065507
Windows Server 2016
Server Core
KB5065427
Standard
KB5065427
Windows Server 2019
Server Core
KB5065428
Standard
KB5065428
Windows Server 2022
23H2 Server Core
KB5065425
Server Core
KB5065306
Standard
KB5065306
Windows Server 2025
Server Core
KB5065426
Standard
KB5065426
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54095