CVE-2025-29835: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1809
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
AI Analysis
Technical Summary
CVE-2025-29835 is a medium-severity vulnerability identified in Microsoft Windows 10 Version 1809, specifically in the Routing and Remote Access Service (RRAS). The vulnerability is classified as an out-of-bounds read (CWE-125), which allows an unauthorized attacker to read memory outside the intended buffer boundaries. This flaw can lead to the disclosure of sensitive information over a network without requiring any privileges (PR:N) but does require user interaction (UI:R), such as convincing a user to initiate a connection or interaction that triggers the vulnerability. The vulnerability does not impact integrity or availability but has a high impact on confidentiality (C:H). The attack vector is network-based (AV:N), meaning an attacker can exploit this remotely without physical access. The vulnerability affects Windows 10 Version 1809 (build 10.0.17763.0), a legacy version of Windows 10 that is still in use in some environments. No known exploits are currently in the wild, and no patches have been linked yet, indicating that mitigation may rely on workarounds or updates once released. The vulnerability could be leveraged to leak sensitive information from the affected system’s memory, potentially exposing credentials, cryptographic keys, or other confidential data processed by RRAS. Given that RRAS is used to provide VPN and routing services, exploitation could compromise network confidentiality and facilitate further attacks or reconnaissance by adversaries.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially to enterprises and public sector entities that rely on Windows 10 Version 1809 for their VPN or remote access infrastructure. Disclosure of sensitive information could expose internal network details, user credentials, or other confidential data, undermining trust and compliance with data protection regulations such as GDPR. The impact is heightened in sectors with strict confidentiality requirements, including finance, healthcare, and government. Since the vulnerability can be exploited remotely without authentication, attackers could target exposed RRAS endpoints to gain intelligence or prepare for subsequent attacks. Organizations that have not upgraded from Windows 10 Version 1809 or that maintain legacy systems for compatibility reasons are particularly vulnerable. The absence of known exploits in the wild suggests a window of opportunity for proactive mitigation before active exploitation begins. The requirement for user interaction may limit mass exploitation, but it does not eliminate targeted attacks against high-value targets.
Mitigation Recommendations
European organizations should prioritize upgrading affected systems to a supported and patched version of Windows 10 or later versions where this vulnerability is resolved. Until patches are available, organizations should restrict exposure of RRAS services to untrusted networks by implementing strict firewall rules and network segmentation to limit access only to trusted users and devices. Employing multi-factor authentication (MFA) for remote access can reduce the risk posed by user interaction requirements. Monitoring network traffic for unusual RRAS activity and enabling logging can help detect attempted exploitation. Additionally, organizations should educate users about the risks of interacting with unsolicited network prompts or connections that could trigger the vulnerability. Where possible, disabling RRAS on systems that do not require it can eliminate the attack surface. Regular vulnerability scanning and asset inventory management will help identify systems still running Windows 10 Version 1809 to prioritize remediation efforts.
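The inventory and "disable RRAS where it is not needed" steps above can be scripted. The following is an added example, not code from the advisory or from Microsoft: it reports hosts on build 17763 and the state of their RRAS service. It assumes CIM (WinRM) access to each host and that RRAS runs under the service name `RemoteAccess`; the function name `Get-RrasExposure` and the host names are constructed for illustration.

```powershell
# Added example: audit hosts for the exposure described in this advisory.
# Assumptions: CIM (WinRM) access to each host; RRAS runs as the
# 'RemoteAccess' service; Get-RrasExposure is a name chosen here.
function Get-RrasExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$AffectedBuild = '17763'   # build named in the advisory
    )
    foreach ($computer in $ComputerName) {
        try {
            $os  = Get-CimInstance -ClassName Win32_OperatingSystem `
                       -ComputerName $computer -ErrorAction Stop
            $svc = Get-CimInstance -ClassName Win32_Service `
                       -Filter "Name='RemoteAccess'" `
                       -ComputerName $computer -ErrorAction Stop
        } catch {
            # Unreachable hosts are reported, not silently skipped.
            [pscustomobject]@{
                Computer = $computer; OS = $null; Build = $null
                RrasState = 'Unknown'; RrasStartMode = $null
                Finding = "Query failed: $($_.Exception.Message)"
            }
            continue
        }
        $onAffectedBuild = $os.BuildNumber -eq $AffectedBuild
        $finding =
            if (-not $onAffectedBuild)          { 'Build not listed in advisory' }
            elseif (-not $svc)                  { 'Affected build, RRAS service not present' }
            elseif ($svc.State -eq 'Running')   { 'Affected build, RRAS running: restrict or disable' }
            elseif ($svc.StartMode -ne 'Disabled') { 'Affected build, RRAS stopped but can start: disable if unused' }
            else                                { 'Affected build, RRAS disabled' }
        [pscustomobject]@{
            Computer = $computer; OS = $os.Caption; Build = $os.BuildNumber
            RrasState = $svc.State; RrasStartMode = $svc.StartMode
            Finding = $finding
        }
    }
}

# Constructed host names; replace with an export from your asset inventory.
Get-RrasExposure -ComputerName 'vpn-gw-01', 'ws-legacy-17' | Format-Table -AutoSize

# On a host that does not need RRAS, stop the service and prevent restart:
# Stop-Service -Name RemoteAccess -Force
# Set-Service  -Name RemoteAccess -StartupType Disabled
```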
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-03-11T22:56:43.944Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f91484d88663aeb96b
Added to database: 5/20/2025, 6:59:05 PM
Last enriched: 7/18/2025, 8:59:17 PM
Last updated: 8/12/2025, 12:25:16 PM