CVE-2025-26672: CWE-126: Buffer Over-read in Microsoft Windows 10 Version 1809
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
AI Analysis
Technical Summary
CVE-2025-26672 is a security vulnerability identified as a buffer over-read in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability is classified under CWE-126, which pertains to buffer over-read issues where a program reads data beyond the bounds of a buffer, potentially exposing sensitive information.
In this case, an unauthorized attacker can exploit this flaw remotely over a network without requiring any privileges (PR:N) but does require user interaction (UI:R), such as convincing a user to initiate a connection or interaction that triggers the vulnerability. The attack vector is network-based (AV:N), meaning exploitation can occur remotely without physical access. The vulnerability does not affect integrity or availability but has a high impact on confidentiality (C:H), allowing attackers to disclose sensitive information from the affected system. The scope is unchanged (S:U), indicating the vulnerability affects only the vulnerable component without impacting other system components. The attack complexity is low (AC:L), meaning no special conditions are needed beyond user interaction.
No known exploits are currently in the wild, and no patches have been linked yet. The vulnerability was published on April 8, 2025, and was reserved on February 12, 2025. Given the affected product is Windows 10 Version 1809, which is an older release, many organizations may have upgraded, but legacy systems or specialized environments may still be running this version. RRAS is a networking service used to provide routing and remote access capabilities, often in enterprise environments, making this vulnerability relevant for organizations relying on these services for VPNs, dial-up, or routing functions. Exploitation could lead to unauthorized disclosure of sensitive network or system information, which could be leveraged for further attacks or reconnaissance.
Potential Impact
For European organizations, the impact of CVE-2025-26672 can be significant, particularly for those still operating legacy Windows 10 Version 1809 systems with RRAS enabled. The confidentiality breach could expose sensitive internal network configurations, routing information, or other data that attackers could use to map networks or identify further vulnerabilities. This is especially critical for sectors such as finance, government, healthcare, and critical infrastructure, where network confidentiality is paramount. The vulnerability does not directly affect system integrity or availability, so immediate disruption is unlikely; however, the information disclosure could facilitate more targeted and damaging attacks. Organizations relying on RRAS for remote access or VPN services may be at higher risk, as attackers could exploit this vector remotely. Since user interaction is required, phishing or social engineering campaigns could be used to trigger the vulnerability. The lack of known exploits in the wild suggests a window of opportunity for proactive mitigation before widespread exploitation occurs. However, the medium severity rating should not lead to complacency, as information disclosure vulnerabilities can be stepping stones to more severe compromises.
Mitigation Recommendations
- Identify and inventory all systems running Windows 10 Version 1809 with RRAS enabled, prioritizing those exposed to untrusted networks.
- Apply any available security updates or patches from Microsoft as soon as they are released. Monitor Microsoft’s security advisories closely for patch availability related to CVE-2025-26672.
- If patching is not immediately possible, consider disabling RRAS services on affected systems where feasible, especially if RRAS is not critical to business operations.
- Implement network segmentation and firewall rules to restrict access to RRAS services, limiting exposure to trusted internal networks only.
- Educate users about the risk of social engineering and phishing attacks that could trigger the required user interaction for exploitation.
- Deploy network intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect anomalous RRAS traffic patterns that may indicate exploitation attempts.
- Plan for migration or upgrade of legacy Windows 10 Version 1809 systems to supported versions with ongoing security updates to reduce exposure to this and other vulnerabilities.
- Conduct regular security assessments and penetration tests focusing on remote access services to identify and remediate potential weaknesses.
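The inventory and disable-RRAS recommendations above can be scripted. The following PowerShell is an added example, not code from the original page or from Microsoft. It assumes the RRAS service short name is `RemoteAccess`, that remote hosts accept CIM queries over WinRM, and uses hypothetical function names `Get-RrasExposure` and `Disable-Rras`.

```powershell
# Added example; function names are hypothetical. Assumes the RRAS service
# short name is 'RemoteAccess' and that remote hosts accept WinRM/CIM queries.
function Get-RrasExposure {
    [CmdletBinding()]
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        $cim = @{ ErrorAction = 'Stop' }
        # Query the local host directly; only remote hosts go over WinRM.
        if ($computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $computer }
        try {
            $os  = Get-CimInstance -ClassName Win32_OperatingSystem @cim
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteAccess'" @cim
        } catch {
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }
        # Build 17763 is the 1809 build named in the advisory (10.0.17763.0).
        $is1809 = $os.BuildNumber -eq '17763'
        # Treat RRAS as enabled if it is running or is still able to start.
        $enabled = ($null -ne $svc) -and
                   ($svc.State -eq 'Running' -or $svc.StartMode -ne 'Disabled')
        [pscustomobject]@{
            Computer    = $computer
            Caption     = $os.Caption
            Version     = $os.Version
            RrasState   = if ($svc) { $svc.State } else { 'NotInstalled' }
            RrasStart   = if ($svc) { $svc.StartMode } else { 'n/a' }
            NeedsReview = $is1809 -and $enabled
        }
    }
}

# Interim containment where RRAS is not needed; supports -WhatIf / -Confirm.
function Disable-Rras {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    if ($PSCmdlet.ShouldProcess('RemoteAccess', 'Stop and disable service')) {
        Stop-Service -Name RemoteAccess -Force -ErrorAction Stop
        Set-Service -Name RemoteAccess -StartupType Disabled
    }
}

# Report on the local machine; pass -ComputerName for a list of hosts.
Get-RrasExposure | Format-Table -AutoSize
```

Run `Disable-Rras -WhatIf` first on any host flagged `NeedsReview` to confirm the change before applying it, since stopping RRAS drops active VPN and routing sessions.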
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-02-12T22:35:41.549Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f91484d88663aebb57
Added to database: 5/20/2025, 6:59:05 PM
Last enriched: 6/10/2025, 10:50:33 PM
Last updated: 7/7/2025, 10:48:42 AM