CVE-2025-54106

EUVD-2025-27364
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_server_2016
𝑥
< 10.0.14393.8422
microsoftwindows_server_2019
𝑥
< 10.0.17763.7792
microsoftwindows_server_2022
𝑥
< 10.0.20348.4106
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.1849
microsoftwindows_server_2025
𝑥
< 10.0.26100.6508
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows Server 2012 R2
Server Core
KB5065507
Standard
KB5065507
Windows Server 2016
Server Core
KB5065427
Standard
KB5065427
Windows Server 2019
Server Core
KB5065428
Standard
KB5065428
Windows Server 2022
23H2 Server Core
KB5065425
Server Core
KB5065306
Standard
KB5065306
Windows Server 2025
Server Core
KB5065426
Standard
KB5065426
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54106