
CVE-2025-26672: CWE-126: Buffer Over-read in Microsoft Windows 10 Version 1809

Severity: Medium
Tags: Vulnerability, CVE-2025-26672, cve, cve-2025-26672, cwe-126
Published: Tue Apr 08 2025 (04/08/2025, 17:23:52 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

AI-Powered Analysis

Last updated: 07/11/2025, 04:01:37 UTC

Technical Analysis

CVE-2025-26672 is a medium-severity vulnerability identified as a buffer over-read issue (CWE-126) in the Microsoft Windows 10 Version 1809 Routing and Remote Access Service (RRAS). This vulnerability allows an unauthorized attacker to remotely cause the system to disclose sensitive information over the network without requiring any privileges.

The flaw arises from improper bounds checking in the RRAS component, which processes network packets. An attacker can send specially crafted network packets to a vulnerable system running Windows 10 Version 1809 (build 10.0.17763.0), triggering the buffer over-read condition. This results in the system reading memory beyond the intended buffer, potentially leaking sensitive information such as memory contents that could include credentials, cryptographic keys, or other confidential data. The vulnerability does not allow code execution or system modification but compromises confidentiality.

Exploitation requires no privileges but does require user interaction, likely in the form of the system processing network traffic or responding to crafted packets. The CVSS v3.1 base score is 6.5, reflecting a medium severity with high confidentiality impact but no impact on integrity or availability. No known exploits are currently in the wild, and no patches have been linked yet, indicating that mitigation may rely on workarounds or network-level controls until an official update is released.

Potential Impact

For European organizations, this vulnerability poses a significant risk to confidentiality, especially for entities relying on Windows 10 Version 1809 in networked environments where RRAS is enabled. RRAS is commonly used for VPN, routing, and remote access services, which are critical for secure communications. Disclosure of sensitive information could lead to further targeted attacks, credential theft, or espionage, particularly impacting sectors with high-value data such as finance, government, healthcare, and critical infrastructure. Since the vulnerability can be exploited remotely without authentication, attackers could scan for exposed RRAS services and attempt to extract information, increasing the attack surface. The lack of integrity or availability impact reduces the risk of service disruption but does not diminish the potential for data leakage. European organizations with legacy systems or delayed patching practices are especially vulnerable. Additionally, compliance requirements under GDPR emphasize protecting personal data confidentiality, so exploitation could lead to regulatory penalties and reputational damage.

Mitigation Recommendations

To mitigate CVE-2025-26672 effectively, European organizations should:

1) Immediately identify and inventory all systems running Windows 10 Version 1809 with RRAS enabled.
2) Disable RRAS on systems where it is not essential to reduce the attack surface.
3) Implement network-level filtering to block or restrict access to RRAS-related ports and protocols from untrusted networks, especially the internet.
4) Monitor network traffic for anomalous or malformed packets targeting RRAS services that could indicate exploitation attempts.
5) Apply any available Microsoft security updates as soon as they are released; if no patch is available, consider upgrading to a supported Windows version that is not affected.
6) Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics for RRAS exploitation attempts once such signatures become available.
7) Conduct regular security awareness training to ensure that IT staff understand the risks of legacy systems and the importance of timely patching and network segmentation.
8) Review and enhance logging and incident response capabilities to detect and respond to potential information disclosure events promptly.
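A local check for steps 1 and 2, as an added example that is not part of the original advisory or any Microsoft tooling. It assumes the RRAS service short name is `RemoteAccess` and treats build 17763 (the 10.0.17763.0 build named above) as the affected build; the function name `Get-RrasExposure` is hypothetical.

```powershell
# Added example: report whether this host runs the build listed on this page
# and whether the Routing and Remote Access service is present and startable.
# Assumption: the RRAS service short name is 'RemoteAccess'.
function Get-RrasExposure {
    [CmdletBinding()]
    param(
        # Build number taken from the advisory text (10.0.17763.0)
        [int]$AffectedBuild = 17763
    )

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    # Returns $null when the service is not installed on this host
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteAccess'"

    $onAffectedBuild = ([int]$os.BuildNumber -eq $AffectedBuild)
    $rrasPresent     = ($null -ne $svc)
    $rrasRunning     = $rrasPresent -and ($svc.State -eq 'Running')
    $rrasStartable   = $rrasPresent -and ($svc.StartMode -ne 'Disabled')

    # Classify the host so results can be sorted in an inventory sheet
    $finding = if (-not $onAffectedBuild) {
        'Build not listed in this advisory'
    } elseif ($rrasRunning) {
        'Affected build, RRAS running: restrict network access or disable'
    } elseif ($rrasStartable) {
        'Affected build, RRAS stopped but startable: disable if not needed'
    } else {
        'Affected build, RRAS disabled or absent'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OsCaption     = $os.Caption
        OsBuild       = $os.BuildNumber
        RrasState     = if ($rrasPresent) { $svc.State } else { 'NotInstalled' }
        RrasStartMode = if ($rrasPresent) { $svc.StartMode } else { 'NotInstalled' }
        Finding       = $finding
    }
}

# Step 2, where RRAS is not essential (requires administrator rights):
#   Stop-Service -Name RemoteAccess
#   Set-Service  -Name RemoteAccess -StartupType Disabled

Get-RrasExposure | Format-List
```

To cover a fleet, run the function through existing remoting or management tooling and collect the returned objects into one report.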


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-02-12T22:35:41.549Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aebb57

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/11/2025, 4:01:37 AM

Last updated: 7/29/2025, 11:53:13 AM
