CVE-2025-60713: CWE-822: Untrusted Pointer Dereference in Microsoft Windows Server 2019
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
AI Analysis
Technical Summary
CVE-2025-60713 is a vulnerability identified in Microsoft Windows Server 2019, specifically within the Routing and Remote Access Service (RRAS) component. The issue is classified under CWE-822, which pertains to untrusted pointer dereference. This type of vulnerability occurs when a program dereferences a pointer that can be influenced by an attacker, potentially leading to undefined behavior including privilege escalation. In this case, an authorized attacker with local access can exploit the flaw to elevate their privileges on the affected system. The vulnerability does not require user interaction and has a CVSS 3.1 base score of 7.8, indicating high severity. The attack vector is local, requiring low attack complexity and privileges, but no user interaction, and the impact on confidentiality, integrity, and availability is high. Although no exploits are currently known to be active in the wild, the vulnerability is publicly disclosed and thus poses a significant risk. The affected version is Windows Server 2019 build 10.0.17763.0. The flaw could allow attackers to gain SYSTEM-level privileges from lower-privileged accounts, potentially enabling full control over the server and access to sensitive data or disruption of services. RRAS is commonly used for VPN and routing services, making this vulnerability particularly critical in environments relying on these features for remote access and network connectivity.
Potential Impact
For European organizations, the impact of CVE-2025-60713 can be substantial. Many enterprises and public sector entities across Europe utilize Windows Server 2019 for critical infrastructure, including VPN services and network routing via RRAS. Successful exploitation could allow attackers to escalate privileges locally, leading to unauthorized access to sensitive data, disruption of network services, and potential lateral movement within corporate networks. This could compromise confidentiality, integrity, and availability of critical systems. Sectors such as finance, healthcare, government, and telecommunications are particularly at risk due to their reliance on secure remote access and network routing. The vulnerability could also facilitate subsequent attacks, including deployment of ransomware or data exfiltration. Given the local attack vector, insider threats or attackers with initial footholds could leverage this flaw to gain full system control. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as public disclosure may prompt development of exploit code.
Mitigation Recommendations
1. Apply official patches from Microsoft as soon as they become available to address CVE-2025-60713.
2. Until patches are released, consider disabling RRAS services if not essential, or restrict RRAS usage to trusted administrators only.
3. Implement strict access controls and monitoring on servers running Windows Server 2019, focusing on detecting unusual local privilege escalation attempts.
4. Employ endpoint detection and response (EDR) solutions capable of identifying suspicious activities related to pointer dereference exploitation or privilege escalation.
5. Conduct regular audits of user privileges and remove unnecessary local administrative rights to minimize the attack surface.
6. Use application whitelisting and system hardening techniques to limit execution of unauthorized code.
7. Educate system administrators about this vulnerability and encourage vigilance for signs of compromise.
8. Maintain up-to-date backups and incident response plans to mitigate potential damage from exploitation.
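The following triage script is an added example, not part of the advisory or a Microsoft tool. It checks whether a host is on the affected Windows Server 2019 build (10.0.17763), whether the RRAS service (Windows service name RemoteAccess) is installed and running, and records the update build revision so the patched build can be compared once Microsoft publishes it; the fix KB identifier is not given in the advisory, so the `$FixKb` parameter is an assumed placeholder. The optional `-DisableRras` switch applies recommendation 2 on hosts where RRAS is not essential.

```powershell
# Added triage script for CVE-2025-60713 (example code, not from the advisory).
param(
    [switch]$DisableRras,
    [string]$FixKb = 'KBXXXXXXX'   # placeholder: replace with the KB id of the Microsoft fix
)

$os = Get-CimInstance Win32_OperatingSystem
# Windows Server 2019 is build 17763 (advisory lists 10.0.17763.0 as affected).
$affectedBuild = ($os.BuildNumber -eq '17763')

# RRAS runs as the 'RemoteAccess' service; it is absent when the role is not installed.
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
$rrasPresent = $null -ne $svc
$rrasRunning = $rrasPresent -and ($svc.Status -eq 'Running')

# UBR (update build revision) increases with each cumulative update; keep it in the
# report so the host can be compared against the fixed revision when it is published.
$ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
$kbInstalled = [bool](Get-HotFix -Id $FixKb -ErrorAction SilentlyContinue)

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    Build          = "$($os.Version).$ubr"
    AffectedBuild  = $affectedBuild
    RrasInstalled  = $rrasPresent
    RrasRunning    = $rrasRunning
    FixKbInstalled = $kbInstalled
    # Exposed: affected build, RRAS present, and the fix not yet installed.
    Exposed        = ($affectedBuild -and $rrasPresent -and -not $kbInstalled)
} | Format-List

if ($DisableRras -and $rrasRunning) {
    # Recommendation 2: stop and disable RRAS where it is not essential.
    Stop-Service -Name RemoteAccess -Force
    Set-Service  -Name RemoteAccess -StartupType Disabled
    Write-Output 'RemoteAccess (RRAS) service stopped and disabled.'
}
```

Run it under an elevated PowerShell session on each Windows Server 2019 host (or via a remoting session) and collect the `Exposed` field for fleet-wide inventory.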
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-09-26T05:03:24.536Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69137c4947ab3590319da0bf
Added to database: 11/11/2025, 6:11:21 PM
Last enriched: 11/18/2025, 7:20:57 PM
Last updated: 11/21/2025, 10:05:04 PM