CVE-2025-58717: CWE-125: Out-of-bounds Read in Microsoft Windows 11 Version 25H2
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
AI Analysis
Technical Summary
CVE-2025-58717 is a vulnerability classified under CWE-125 (Out-of-bounds Read) affecting the Windows Routing and Remote Access Service (RRAS) component in Microsoft Windows 11 Version 25H2 (build 10.0.26200.0). The flaw allows an attacker to send specially crafted network packets to the RRAS service, triggering an out-of-bounds read condition. This results in the disclosure of sensitive information from memory, which could include data that should remain confidential. The vulnerability does not allow code execution or modification of data, but the information leak could aid further attacks or reconnaissance. Exploitation requires no privileges but does require user interaction, such as accepting a network connection or similar action. The CVSS v3.1 score is 6.5, reflecting a medium severity with high impact on confidentiality, no impact on integrity or availability, and an attack vector over the network with low complexity. Currently, there are no known exploits in the wild, and no patches have been released, though the vulnerability has been publicly disclosed. The RRAS service is used to provide routing and remote access capabilities, often in enterprise environments for VPNs and network routing, making this vulnerability relevant for organizations relying on these features.
Potential Impact
For European organizations, the primary impact of CVE-2025-58717 is the potential unauthorized disclosure of sensitive information over the network. This could include internal configuration data, credentials, or other memory-resident sensitive information accessible via RRAS. Organizations with exposed or externally accessible RRAS services are at higher risk, especially those in sectors like finance, government, healthcare, and critical infrastructure where confidentiality is paramount. The vulnerability does not allow for system compromise or denial of service but could facilitate further targeted attacks by leaking valuable information. The medium severity rating suggests a moderate risk level; however, the impact could be significant if sensitive data is exposed. Since user interaction is required, social engineering or phishing could be used to increase exploitation likelihood. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure.
Mitigation Recommendations
1. Disable RRAS if it is not required in your environment to eliminate the attack surface.
2. Restrict RRAS exposure by limiting access to trusted internal networks or VPNs only, using firewall rules and network segmentation.
3. Monitor network traffic for unusual or unexpected RRAS connection attempts or malformed packets indicative of exploitation attempts.
4. Educate users about the risks of accepting unexpected network connection requests or prompts related to RRAS services.
5. Apply the principle of least privilege and ensure that RRAS services run with the minimum necessary permissions.
6. Stay alert for official patches or updates from Microsoft and prioritize their deployment once available.
7. Use endpoint detection and response (EDR) tools to detect anomalous behavior related to RRAS exploitation attempts.
8. Conduct regular vulnerability assessments and penetration testing focusing on RRAS and related network services to identify exposure.
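One way to act on steps 1 and 2 from a Windows 11 host, as an added PowerShell example that is not part of this advisory: it reports the state of the RRAS service (service name RemoteAccess), lists listening sockets and inbound allow rules on the ports commonly used by RRAS VPN transports, and with -Disable stops and disables the service. The port list and the -Disable switch are assumptions for illustration; the advisory does not name the affected protocol or port.

```powershell
# Added example, not from the advisory. Audit RRAS exposure on a Windows 11 host
# and optionally disable the service (mitigation step 1). Run from an elevated prompt.
param([switch]$Disable)

# 1. Service state. 'RemoteAccess' is the service behind "Routing and Remote Access".
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if (-not $svc) { Write-Output 'RRAS service (RemoteAccess) is not present on this host'; return }
Write-Output ("RRAS service: Status={0} StartType={1}" -f $svc.Status, $svc.StartType)

# 2. Sockets on ports typically used by RRAS VPN transports (assumed list, not from the page):
#    PPTP 1723/TCP, SSTP 443/TCP, L2TP 1701/UDP, IKE/IPsec NAT-T 500 and 4500/UDP.
$tcpPorts = 1723, 443
$udpPorts = 1701, 500, 4500
Write-Output 'Listening TCP sockets on RRAS-related ports:'
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $tcpPorts -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess
Write-Output 'Bound UDP endpoints on RRAS-related ports:'
Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $udpPorts -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 3. Enabled inbound allow rules that open any of those ports (step 2: tighten these
#    with -RemoteAddress scoping or network segmentation if RRAS must stay reachable).
$watch = ($tcpPorts + $udpPorts) | ForEach-Object { "$_" }
Write-Output 'Inbound allow rules on RRAS-related ports:'
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $lp = @(($_ | Get-NetFirewallPortFilter).LocalPort)
        ($lp | Where-Object { $watch -contains "$_" }).Count -gt 0
    } |
    Select-Object DisplayName, Profile

# 4. Mitigation step 1: stop and disable the service when it is not needed.
if ($Disable) {
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name RemoteAccess -Force }
    Set-Service -Name RemoteAccess -StartupType Disabled
    Write-Output 'RRAS service stopped and set to Disabled'
}
```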
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2025-09-03T20:46:29.256Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ee85883dd1bfb0b7e3f8d1
Added to database: 10/14/2025, 5:16:56 PM
Last enriched: 1/2/2026, 10:34:32 PM
Last updated: 1/19/2026, 10:35:15 AM