
CVE-2025-54095: CWE-125: Out-of-bounds Read in Microsoft Windows Server 2019

Severity: Medium
Tags: Vulnerability, CVE-2025-54095, cve, cve-2025-54095, cwe-125
Published: Tue Sep 09 2025 (09/09/2025, 17:00:45 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows Server 2019

Description

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

AI-Powered Analysis

Last updated: 11/27/2025, 03:54:33 UTC

Technical Analysis

CVE-2025-54095 is a vulnerability classified as CWE-125 (Out-of-bounds Read) affecting Microsoft Windows Server 2019, specifically version 10.0.17763.0. The flaw exists within the Windows Routing and Remote Access Service (RRAS), a component responsible for routing network traffic and providing remote access capabilities. An out-of-bounds read occurs when the software reads memory outside the bounds of a buffer, potentially exposing sensitive data stored in adjacent memory locations. In this case, an unauthenticated attacker can send specially crafted network packets to the RRAS service, causing it to read memory beyond intended limits and disclose information over the network. The vulnerability does not allow modification or disruption of service but compromises confidentiality by leaking potentially sensitive data.

The CVSS 3.1 vector indicates the attack can be performed remotely over the network (AV:N), requires low attack complexity (AC:L), no privileges (PR:N), but does require user interaction (UI:R), such as triggering a connection or response. The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component. The impact on confidentiality is high (C:H), while integrity and availability are unaffected (I:N, A:N). No known exploits are currently in the wild, and no patches have been released at the time of publication, though Microsoft is likely to issue updates given the confirmed severity.

This vulnerability is significant because RRAS is often used in enterprise environments to manage VPNs, routing, and remote access, making it a critical network service. Attackers exploiting this flaw could gain access to sensitive information such as authentication tokens, network configuration data, or other memory-resident secrets, potentially aiding further attacks or reconnaissance.

Potential Impact

For European organizations, the primary impact of CVE-2025-54095 is unauthorized disclosure of sensitive information from Windows Server 2019 systems running RRAS. This could lead to leakage of credentials, network topology details, or other confidential data, increasing the risk of subsequent targeted attacks such as lateral movement or privilege escalation. Sectors with high reliance on secure remote access and routing services—such as finance, government, healthcare, and critical infrastructure—are particularly vulnerable. The medium severity rating reflects that while the vulnerability does not allow direct system compromise or denial of service, the confidentiality breach can undermine trust and compliance with data protection regulations like GDPR. Additionally, the requirement for user interaction may limit exploitation scope but does not eliminate risk, especially in environments with automated or frequent network interactions. The absence of patches at publication means organizations must rely on compensating controls to reduce exposure until updates are available. Failure to address this vulnerability could result in data breaches, regulatory penalties, and reputational damage.

Mitigation Recommendations

1. Immediately audit and inventory all Windows Server 2019 systems running RRAS to identify exposed instances.
2. Restrict RRAS exposure by limiting network access to trusted hosts and networks using firewalls and access control lists.
3. Implement network segmentation to isolate RRAS servers from general user networks and sensitive data stores.
4. Monitor RRAS traffic for anomalous or unexpected connection attempts that could indicate exploitation attempts.
5. Disable RRAS services on servers where remote access or routing is not required to reduce attack surface.
6. Educate users and administrators about the risk and the need to avoid triggering suspicious network interactions that could facilitate exploitation.
7. Prepare for rapid deployment of official patches from Microsoft once released, including testing in controlled environments.
8. Employ endpoint detection and response (EDR) tools to detect unusual memory access patterns or network behaviors related to RRAS.
9. Review and enhance logging and alerting on RRAS-related events to enable timely detection of exploitation attempts.
10. Coordinate with incident response teams to develop playbooks specific to this vulnerability for quick containment if exploitation is detected.
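A starting point for the inventory in step 1 and the disable action in step 5, as an added example that is not part of the original page. It assumes RRAS runs under the service name `RemoteAccess`, treats build 17763 (the version named in the analysis) as the build of interest, and uses the hypothetical function name `Get-RrasExposure`.

```powershell
# Added example: report RRAS service state on Windows Server 2019 hosts.
# Assumptions: RRAS is the 'RemoteAccess' service; build 17763 is the build
# named in the analysis above; remote hosts accept CIM (WS-Man) connections.
function Get-RrasExposure {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        # Query the local machine without WS-Man; pass -ComputerName otherwise.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }
        try {
            $os  = Get-CimInstance -ClassName Win32_OperatingSystem @target -ErrorAction Stop
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteAccess'" @target -ErrorAction Stop
            $state     = if ($svc) { $svc.State }     else { 'NotPresent' }
            $startMode = if ($svc) { $svc.StartMode } else { 'NotPresent' }
            [pscustomobject]@{
                ComputerName  = $computer
                OS            = $os.Caption
                Build         = $os.BuildNumber
                RrasState     = $state
                RrasStartMode = $startMode
                # Flag build 17763 hosts where RRAS is running or can still start.
                NeedsReview   = ($os.BuildNumber -eq '17763') -and
                                ($state -eq 'Running' -or $startMode -in 'Auto', 'Manual')
                Error         = $null
            }
        }
        catch {
            # Unreachable hosts stay in the report so they are not silently skipped.
            [pscustomobject]@{
                ComputerName  = $computer
                OS            = $null
                Build         = $null
                RrasState     = 'Unknown'
                RrasStartMode = 'Unknown'
                NeedsReview   = $true
                Error         = $_.Exception.Message
            }
        }
    }
}

# Inventory the local host; pass a list of server names to cover a fleet.
Get-RrasExposure | Format-Table -AutoSize

# Step 5, only on servers that do not need routing or remote access.
# -WhatIf previews the change; remove it to apply.
Stop-Service -Name RemoteAccess -WhatIf
Set-Service  -Name RemoteAccess -StartupType Disabled -WhatIf
```

Hosts flagged `NeedsReview` are the candidates for the firewall restrictions and segmentation in steps 2 and 3.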


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-07-16T19:49:12.438Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68c071e2ce6ed8307545b9e6

Added to database: 9/9/2025, 6:28:50 PM

Last enriched: 11/27/2025, 3:54:33 AM

Last updated: 12/6/2025, 6:40:18 AM
