CVE-2025-55700 is a security vulnerability classified as CWE-125 (Out-of-bounds Read) found in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The vulnerability arises due to improper validation of memory boundaries when processing network data, allowing an attacker to read memory outside the intended buffer. This can lead to unauthorized disclosure of sensitive information over the network without requiring any privileges or authentication, although user interaction is necessary to trigger the flaw. The vulnerability does not permit modification of data or denial of service but compromises confidentiality by leaking potentially sensitive information. The CVSS v3.1 base score is 6.5, indicating a medium severity level, with attack vector being network-based, low attack complexity, no privileges required, and user interaction needed. No patches or exploits are currently publicly available, but the vulnerability is officially published and reserved since August 2025. The affected product is an early release of Windows 10, which is largely superseded by newer versions, but some legacy systems may still be in use. The vulnerability highlights risks in legacy network services like RRAS that handle external input without sufficient boundary checks.

The primary impact of CVE-2025-55700 is the unauthorized disclosure of sensitive information from affected systems, which can compromise confidentiality. Attackers can remotely exploit this vulnerability without authentication, potentially gaining access to memory contents that may include credentials, configuration data, or other sensitive information. Although the vulnerability does not allow code execution or system control, the leaked information can be leveraged for further attacks such as privilege escalation or lateral movement within a network. Organizations running Windows 10 Version 1507 with RRAS enabled and exposed to untrusted networks are at risk. This includes enterprises with legacy infrastructure, industrial control systems, or remote access setups relying on RRAS. The medium severity rating reflects the balance between the ease of exploitation and the limited scope of impact (confidentiality only). The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

1. Upgrade affected systems to a supported and fully patched version of Windows 10 or later, as Windows 10 Version 1507 is outdated and no longer supported by Microsoft. 2. If upgrading is not immediately possible, disable the Routing and Remote Access Service (RRAS) on affected systems to eliminate the attack surface. 3. Restrict network exposure of RRAS by implementing strict firewall rules and network segmentation to limit access only to trusted networks and users. 4. Monitor network traffic for unusual or suspicious activity targeting RRAS ports and services. 5. Employ endpoint detection and response (EDR) tools to detect attempts to exploit memory corruption or information disclosure vulnerabilities. 6. Educate users about the risk of interacting with unsolicited network prompts or connections that could trigger the vulnerability. 7. Maintain an inventory of legacy systems and prioritize their upgrade or isolation to reduce exposure to known vulnerabilities. 8. Stay informed about any future patches or advisories from Microsoft regarding this vulnerability and apply them promptly.