CVE-2025-26672 is a buffer over-read vulnerability classified under CWE-126, discovered in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The vulnerability arises from improper bounds checking within RRAS, which allows an attacker to read memory beyond the intended buffer limits. This can lead to unauthorized disclosure of sensitive information over the network. The attack vector is network-based (AV:N), requiring no privileges (PR:N), but it does require user interaction (UI:R), such as responding to a crafted network request or connection attempt. The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component and does not extend to other system components. The confidentiality impact is high (C:H), while integrity and availability remain unaffected (I:N, A:N). The vulnerability was reserved in February 2025 and published in April 2025, with no known exploits in the wild and no patches currently available. RRAS is a service used to provide routing and remote access capabilities, often employed in VPN and dial-up networking scenarios. The vulnerability could be exploited by attackers to glean sensitive information from affected systems, potentially aiding further attacks or reconnaissance. Since Windows 10 Version 1507 is an early release version, it is generally considered legacy and may still be in use in some environments due to legacy application dependencies or delayed upgrade cycles.

For European organizations, the primary impact of CVE-2025-26672 is the potential unauthorized disclosure of sensitive information over the network, which could include configuration details, credentials, or other data residing in memory buffers accessed by RRAS. This could facilitate further targeted attacks, espionage, or data leakage incidents. Organizations relying on RRAS for VPN or remote access services are particularly at risk. The vulnerability does not allow code execution or system disruption, so direct system compromise or denial of service is unlikely. However, the confidentiality breach could have regulatory implications under GDPR if personal or sensitive data is exposed. Legacy systems running Windows 10 Version 1507 may be more prevalent in industrial control systems, government agencies, or sectors with slow upgrade cycles, increasing the risk profile. The lack of available patches means organizations must rely on compensating controls until a fix is released. Attackers could exploit this vulnerability remotely without authentication, increasing the attack surface, especially in environments with exposed RRAS endpoints.

1. Disable the Routing and Remote Access Service (RRAS) on Windows 10 Version 1507 systems if it is not strictly necessary, to eliminate the attack surface. 2. For systems requiring RRAS, implement strict network segmentation and firewall rules to restrict access to RRAS ports only to trusted networks and users. 3. Monitor network traffic for unusual or unexpected RRAS connection attempts or malformed packets that could indicate exploitation attempts. 4. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect potential exploitation patterns once available. 5. Expedite the upgrade or migration of affected systems from Windows 10 Version 1507 to a supported and patched Windows version to reduce exposure. 6. Apply principle of least privilege and ensure that RRAS configurations follow security best practices to minimize information exposure. 7. Maintain comprehensive logging and audit trails for RRAS activity to facilitate incident response. 8. Stay alert for official patches or advisories from Microsoft and apply them promptly upon release.