
CVE-2025-60715: CWE-122: Heap-based Buffer Overflow in Microsoft Windows 10 Version 1607

Severity: High
Published: Tue Nov 11 2025 (11/11/2025, 17:59:37 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1607

Description

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/27/2026, 05:51:47 UTC

Technical Analysis

CVE-2025-60715 is a heap-based buffer overflow vulnerability in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1607 (build 10.0.14393.0). The flaw arises from improper handling of memory buffers within RRAS and can be triggered remotely by an attacker with authorized access. Exploiting this vulnerability allows the attacker to execute arbitrary code on the affected system, with high impact on confidentiality, integrity, and availability. The CVSS v3.1 score of 8.0 reflects a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), and user interaction required (UI:R). The scope is unchanged (S:U), and the impacts on confidentiality (C:H), integrity (I:H), and availability (A:H) are all rated high. Although no public exploits or patches are currently available, the vulnerability poses a significant risk to systems still running this legacy Windows 10 version, especially those exposing RRAS services to untrusted networks. The vulnerability was reserved on 2025-09-26 and published on 2025-11-11. RRAS is commonly used for VPN and routing services, making this a critical concern for organizations relying on these capabilities for remote access and network connectivity.

Potential Impact

The vulnerability enables remote code execution with high impact on confidentiality, integrity, and availability, potentially allowing attackers to take full control of affected systems. Organizations using Windows 10 Version 1607 with RRAS enabled may face data breaches, service disruptions, and lateral movement within networks. The requirement for low privileges and user interaction lowers the barrier for exploitation in targeted attacks. Critical infrastructure, enterprise networks, and service providers relying on RRAS for remote access are particularly vulnerable. The lack of available patches increases the window of exposure, raising the risk of future exploitation. The vulnerability could facilitate ransomware deployment, espionage, or sabotage, especially in environments where legacy systems remain operational due to compatibility or upgrade constraints.

Mitigation Recommendations

1. Immediately restrict RRAS exposure by limiting network access to trusted internal networks and VPN endpoints only.
2. Disable RRAS on Windows 10 Version 1607 systems if not required.
3. Monitor network traffic for anomalous RRAS activity and signs of exploitation attempts.
4. Implement strict access controls and multi-factor authentication to reduce the risk of authorized attacker exploitation.
5. Prepare for rapid deployment of patches once Microsoft releases updates addressing this vulnerability.
6. Consider upgrading affected systems to supported Windows versions with active security updates to eliminate exposure.
7. Employ endpoint detection and response (EDR) solutions to detect suspicious behaviors indicative of exploitation.
8. Conduct regular vulnerability assessments and penetration testing focusing on RRAS and remote access services.


Technical Details

Data Version: 5.2
Assigner Short Name: microsoft
Date Reserved: 2025-09-26T05:03:24.536Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69137c4947ab3590319da0c5

Added to database: 11/11/2025, 6:11:21 PM

Last enriched: 2/27/2026, 5:51:47 AM

Last updated: 3/25/2026, 2:50:41 AM
