SB2025081272 - Multiple vulnerabilities in Microsoft Windows Routing and Remote Access Service (RRAS)
Published: August 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2025-49757)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows Routing and Remote Access Service (RRAS). A remote attacker can trick a victim into sending a request to a malicious server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Use of uninitialized resource (CVE-ID: CVE-2025-50157)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows Routing and Remote Access Service (RRAS). A remote user can trigger uninitialized usage of resources and gain access to sensitive information on the system.
3) Heap-based buffer overflow (CVE-ID: CVE-2025-53720)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows Routing and Remote Access Service (RRAS). A remote user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Use of uninitialized resource (CVE-ID: CVE-2025-53719)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows Routing and Remote Access Service (RRAS). A remote user can trigger uninitialized usage of resources and gain access to sensitive information on the system.
5) Use of uninitialized resource (CVE-ID: CVE-2025-53153)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows Routing and Remote Access Service (RRAS). A remote user can trigger uninitialized usage of resources and gain access to sensitive information on the system.
6) Use of uninitialized resource (CVE-ID: CVE-2025-53148)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows Routing and Remote Access Service (RRAS). A remote user can trigger uninitialized usage of resources and gain access to sensitive information on the system.
7) Use of uninitialized resource (CVE-ID: CVE-2025-53138)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows Routing and Remote Access Service (RRAS). A remote user can trigger uninitialized usage of resources and gain access to sensitive information on the system.
8) Heap-based buffer overflow (CVE-ID: CVE-2025-50164)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows Routing and Remote Access Service (RRAS). A remote user can trick a victim into sending a request to a malicious server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Heap-based buffer overflow (CVE-ID: CVE-2025-50163)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows Routing and Remote Access Service (RRAS). A remote attacker can trick a victim into sending a request to a malicious server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Heap-based buffer overflow (CVE-ID: CVE-2025-50162)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows Routing and Remote Access Service (RRAS). A remote user can trick a victim into sending a request to a malicious server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Heap-based buffer overflow (CVE-ID: CVE-2025-50160)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows Routing and Remote Access Service (RRAS). A remote user can trick a victim into sending a request to a malicious server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Use of uninitialized resource (CVE-ID: CVE-2025-50156)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in Windows Routing and Remote Access Service (RRAS). A remote user can trigger uninitialized usage of resources and gain access to sensitive information on the system.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49757
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-50157
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-53720
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-53719
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-53153
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-53148
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-53138
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-50164
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-50163
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-50162
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-50160
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-50156