CVE-2025-58717: CWE-125: Out-of-bounds Read in Microsoft Windows 11 Version 25H2
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
AI Analysis
Technical Summary
CVE-2025-58717 is a vulnerability classified as CWE-125 (Out-of-bounds Read) affecting Microsoft Windows 11 Version 25H2, specifically in the Routing and Remote Access Service (RRAS). The flaw allows an attacker to send crafted network packets to the RRAS component, causing it to read memory outside the intended buffer boundaries. Such an out-of-bounds read can disclose sensitive information residing in adjacent memory, potentially leaking credentials, cryptographic keys, or other confidential data. The vulnerability requires no privileges and no prior authentication, but it does require user interaction, such as connecting to a malicious RRAS server or service. The CVSS v3.1 score of 6.5 reflects medium severity, with a vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), high confidentiality impact (C:H), no integrity or availability impact (I:N/A:N), exploit code maturity 'unproven' (E:U), remediation level 'official fix' (RL:O), and report confidence 'confirmed' (RC:C). No public exploits or patches are currently available. The vulnerability poses a risk primarily to systems running RRAS on Windows 11 25H2 builds, especially where RRAS is exposed to untrusted networks.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive information over the network, compromising confidentiality. Organizations relying on RRAS for VPN or remote access services may expose internal data to attackers capable of exploiting this flaw. Although the vulnerability does not affect integrity or availability, the leaked information could facilitate further attacks such as credential theft or lateral movement within networks. Critical sectors like finance, government, healthcare, and energy that use Windows 11 25H2 with RRAS enabled are particularly at risk. The medium severity and lack of known exploits reduce immediate urgency, but the potential for data leakage in high-value environments warrants prompt attention. The requirement for user interaction limits mass exploitation but targeted attacks remain a concern.
Mitigation Recommendations
1. Disable RRAS if it is not required in your environment to eliminate the attack surface.
2. Restrict network access to RRAS services using firewalls and network segmentation, allowing only trusted hosts and networks.
3. Monitor network traffic for unusual or unexpected RRAS connection attempts, especially from untrusted sources.
4. Educate users to avoid connecting to unknown or untrusted RRAS servers or VPN endpoints.
5. Apply any official patches or updates from Microsoft promptly once available.
6. Employ endpoint detection and response (EDR) tools to detect anomalous memory access or suspicious RRAS activity.
7. Review and harden RRAS configurations to minimize exposure and privilege levels.
8. Implement network-level authentication and encryption to reduce the risk of interception and exploitation.
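The following PowerShell script is an added example, not part of this advisory or of any Microsoft tooling, showing how an administrator might carry out mitigation steps 1 to 3 on a Windows 11 host: audit the RRAS service, stop and disable it when it is not needed, otherwise scope every inbound firewall rule bound to the service to trusted address ranges, and list the connections the service currently holds for review. It assumes the RRAS Windows service short name is `RemoteAccess` (the name Windows uses), that the host runs the built-in Windows Defender Firewall, and that `$TrustedSubnets` is replaced with your own management or VPN ranges; the values shown are placeholders.

```powershell
# Added example: audit and contain the RRAS service on a Windows 11 host.
# Run from an elevated PowerShell session. Supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Placeholder ranges; replace with the networks that legitimately reach RRAS.
    [string[]]$TrustedSubnets = @('10.0.0.0/8', '192.168.0.0/16'),
    # Mitigation 1: remove the attack surface entirely when RRAS is not required.
    [switch]$DisableService
)

$svcName = 'RemoteAccess'   # Windows service short name for Routing and Remote Access
$svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "RRAS service '$svcName' is not present on this host; nothing to do."
    return
}
Write-Output ("RRAS service state: {0}, startup type: {1}" -f $svc.Status, $svc.StartType)

if ($DisableService) {
    if ($PSCmdlet.ShouldProcess($svcName, 'Stop and disable RRAS service')) {
        Stop-Service -Name $svcName -Force -ErrorAction SilentlyContinue
        Set-Service -Name $svcName -StartupType Disabled
        Write-Output "RRAS stopped and set to Disabled."
    }
    return
}

# Mitigation 2: restrict every enabled inbound firewall rule tied to the RRAS
# service so it only accepts traffic from the trusted ranges. Windows Firewall
# blocks unsolicited inbound traffic by default, so narrowing the allow rules
# is enough; no extra block rule is needed.
$inboundRules = Get-NetFirewallServiceFilter -Service $svcName |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

if (-not $inboundRules) {
    Write-Output "No enabled inbound firewall rules are bound to '$svcName'."
}
foreach ($rule in $inboundRules) {
    $scope = $TrustedSubnets -join ', '
    if ($PSCmdlet.ShouldProcess($rule.DisplayName, "Limit RemoteAddress to $scope")) {
        $rule | Set-NetFirewallRule -RemoteAddress $TrustedSubnets
        Write-Output "Scoped rule '$($rule.DisplayName)' to: $scope"
    }
}

# Mitigation 3: show the live endpoints owned by the RRAS process so unexpected
# peers (anything outside the trusted ranges) can be investigated.
$svcPid = (Get-CimInstance -ClassName Win32_Service -Filter "Name='$svcName'").ProcessId
if ($svcPid -and $svcPid -ne 0) {
    Write-Output "Listening/established TCP endpoints owned by RRAS (PID $svcPid):"
    Get-NetTCPConnection -OwningProcess $svcPid -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State |
        Format-Table -AutoSize
    Write-Output "UDP endpoints owned by RRAS (PID $svcPid):"
    Get-NetUDPEndpoint -OwningProcess $svcPid -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort |
        Format-Table -AutoSize
} else {
    Write-Output "RRAS service is not running; no live endpoints to report."
}
```

Run it first with `-WhatIf` to see which firewall rules would be rescoped, then without it to apply; use `-DisableService` on hosts where RRAS has no business purpose. Rescoping rules by service binding rather than by port keeps the change correct whichever RRAS transports (PPTP, L2TP, IKEv2, SSTP) are enabled on the host.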
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-09-03T20:46:29.256Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ee85883dd1bfb0b7e3f8d1
Added to database: 10/14/2025, 5:16:56 PM
Last enriched: 11/27/2025, 3:42:28 AM
Last updated: 11/30/2025, 2:28:32 AM