CVE-2025-54095 is a vulnerability classified as CWE-125 (Out-of-bounds Read) found in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows Server 2019, specifically version 10.0.17763.0. This vulnerability arises when RRAS improperly handles memory reads, allowing an attacker to read data beyond the intended buffer boundaries. Exploitation requires no privileges but does require user interaction, such as triggering a network request that RRAS processes. The vulnerability enables an attacker to remotely disclose sensitive information over the network, potentially exposing confidential data residing in memory. The CVSS v3.1 base score is 6.5, reflecting medium severity, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), high impact on confidentiality (C:H), and no impact on integrity or availability (I:N/A:N). No public exploits or active exploitation have been reported to date. The vulnerability is significant because RRAS is often used in enterprise environments to provide routing and remote access capabilities, making it a critical component in network infrastructure. An attacker exploiting this flaw could gain access to sensitive information, which might include authentication tokens, configuration data, or other memory-resident secrets, potentially facilitating further attacks or reconnaissance.

For European organizations, the primary impact of CVE-2025-54095 is the potential unauthorized disclosure of sensitive information from Windows Server 2019 systems running RRAS. This could compromise confidentiality of internal network data, credentials, or configuration details, increasing the risk of subsequent targeted attacks such as lateral movement or privilege escalation. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, could face compliance risks if sensitive data is leaked. The vulnerability does not directly affect system integrity or availability, so operational disruption is unlikely. However, information disclosure can undermine trust and security posture. Since RRAS is often deployed in enterprise network edge devices or VPN gateways, exposure to untrusted networks could increase attack likelihood. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. European organizations with extensive Windows Server 2019 deployments and reliance on RRAS for remote access or routing services are particularly at risk.

1. Monitor Microsoft security advisories closely and apply official patches or updates for Windows Server 2019 RRAS as soon as they become available. 2. Until patches are released, restrict RRAS exposure by limiting network access to trusted internal networks and VPN endpoints only. 3. Employ network segmentation to isolate RRAS servers from general user networks to reduce attack surface. 4. Use firewall rules to block unnecessary inbound traffic to RRAS services, especially from untrusted external sources. 5. Implement strict access controls and multi-factor authentication for remote access services to reduce the risk of user interaction exploitation. 6. Conduct regular security audits and memory analysis on RRAS servers to detect unusual information disclosure attempts. 7. Educate users about phishing or social engineering tactics that could trigger the required user interaction for exploitation. 8. Consider alternative remote access solutions temporarily if RRAS cannot be adequately secured until patches are applied.