CVE-2025-60713 is a vulnerability classified under CWE-822 (Untrusted Pointer Dereference) found in the Routing and Remote Access Service (RRAS) component of Microsoft Windows Server 2019 (version 10.0.17763.0). The vulnerability arises when the RRAS improperly handles pointers that can be manipulated by an attacker with local authorized access, leading to dereferencing untrusted pointers. This flaw allows an attacker with limited privileges on the system to escalate their privileges to SYSTEM level, thereby gaining full control over the affected server. The vulnerability does not require user interaction but does require the attacker to have some level of local access (privileged or non-privileged user account). The CVSS v3.1 base score is 7.8, indicating a high severity level, with impacts rated as high on confidentiality, integrity, and availability. The attack vector is local, and the attack complexity is low, meaning exploitation is feasible once local access is obtained. No public exploits or active exploitation have been reported as of the publication date (November 11, 2025). The vulnerability is significant because Windows Server 2019 is widely used in enterprise environments for routing, VPN, and remote access services, making it a critical component in network infrastructure. Successful exploitation could allow attackers to bypass security controls, deploy malware, or disrupt network services. Since no patches are currently linked, organizations must prepare to apply updates promptly upon release and implement compensating controls to limit local access and monitor RRAS activity for suspicious behavior.

For European organizations, the impact of CVE-2025-60713 could be substantial. Many enterprises, government agencies, and critical infrastructure providers in Europe rely on Windows Server 2019 for network routing and remote access capabilities. Exploitation could lead to unauthorized privilege escalation, enabling attackers to gain full control over servers that manage sensitive network traffic and remote connections. This could result in data breaches, disruption of network services, and potential lateral movement within corporate networks. The confidentiality of sensitive data could be compromised, integrity of network configurations altered, and availability of remote access services disrupted, affecting business continuity. Organizations in sectors such as finance, healthcare, telecommunications, and government are particularly at risk due to the critical nature of their network infrastructure. Additionally, the local attack vector means that insider threats or attackers who have gained initial footholds through other means could leverage this vulnerability to escalate privileges and deepen their access. The absence of known exploits in the wild provides a window for proactive defense, but the high severity score underscores the urgency of mitigation.

1. Monitor Microsoft’s security advisories closely and apply official patches for Windows Server 2019 RRAS as soon as they become available. 2. Restrict local access to Windows Server 2019 systems running RRAS to only trusted and necessary personnel, minimizing the risk of local exploitation. 3. Implement strict access controls and use least privilege principles for user accounts on servers hosting RRAS. 4. Enable and review detailed logging and auditing of RRAS activities and local privilege escalation attempts to detect suspicious behavior early. 5. Employ endpoint detection and response (EDR) solutions capable of identifying anomalous local privilege escalation activities. 6. Consider network segmentation to isolate critical RRAS servers from less trusted network zones, reducing the attack surface. 7. Conduct regular security awareness training to reduce the risk of insider threats and educate administrators on the importance of patching and access control. 8. Use multi-factor authentication (MFA) for administrative access to servers to add an additional layer of security. 9. Evaluate and harden server configurations to minimize unnecessary services and reduce potential exploitation vectors. 10. Prepare incident response plans specifically addressing local privilege escalation scenarios to ensure rapid containment and remediation.