CVE-2025-62473: CWE-126: Buffer Over-read in Microsoft Windows 10 Version 1809
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
AI Analysis
Technical Summary
CVE-2025-62473 is a buffer over-read (CWE-126) in the Windows Routing and Remote Access Service (RRAS) on Microsoft Windows 10 Version 1809 (build 10.0.17763). The service fails to bound a read correctly while processing network data, so crafted input can make it read past the end of the intended buffer and return whatever lies in adjacent memory. The result is information disclosure: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) rates the attack as network-reachable, low complexity and unauthenticated, with high confidentiality impact and no integrity or availability impact. User interaction is rated as required (UI:R), so exploitation depends on an action by a legitimate user rather than solely on an attacker sending packets to an exposed listener; the advisory text reproduced on this page does not state the exact trigger. No in-the-wild exploitation is recorded in this entry and no patch link is attached, but Microsoft normally publishes Windows CVEs on the day the fixing update ships, so the authoritative remediation is the Microsoft Security Update Guide entry for CVE-2025-62473 and the corresponding cumulative update; the configuration and network controls below are compensating measures for hosts that cannot be updated promptly. Build 17763 is also the code base of Windows 10 Enterprise LTSC 2019 and Windows Server 2019, so check Microsoft's full affected-product list rather than assuming only consumer 1809 installations are in scope. Because RRAS typically provides VPN and routing, hosts that expose it to untrusted networks are the ones most at risk, and leaked memory contents could aid follow-on activity such as credential theft or network reconnaissance.
Potential Impact
For European organizations, the primary impact of CVE-2025-62473 is unauthorized disclosure of information over the network, a confidentiality compromise. This matters most to entities that rely on RRAS for VPN or remote access, including government agencies, financial institutions, healthcare providers and critical infrastructure operators. What actually leaks depends on what sits next to the over-read buffer in the RRAS process; the advisory only states information disclosure, but memory of a VPN and routing service can hold session, configuration or network-topology data that helps an attacker escalate privileges or plan targeted attacks. Windows 10 Version 1809 is out of support for consumer and general Enterprise editions, while Enterprise LTSC 2019 on the same build 17763 remains serviced, so the practical exposure is in legacy, industrial and LTSC fleets that are slow to patch. Because integrity and availability are not affected, systems keep running and the leak can go unnoticed, yet a confidentiality breach still carries regulatory consequences, especially under GDPR. The user-interaction requirement suggests phishing or social engineering could be combined with the flaw to raise the likelihood of exploitation. The absence of known exploits in the wild lowers immediate risk but does not remove it, so proactive mitigation is warranted.
Mitigation Recommendations
1. Apply the Microsoft security update for CVE-2025-62473 from the Microsoft Security Update Guide as the primary fix; the remaining steps are compensating controls for hosts that cannot be updated immediately.
2. Disable the Routing and Remote Access service (service name RemoteAccess) on Windows 10 Version 1809 systems where it is not needed for business operations.
3. Restrict network access to RRAS listeners with firewall rules that admit only trusted source ranges or VPN peers. The protocols RRAS commonly terminates are PPTP (TCP 1723 plus GRE, IP protocol 47), L2TP/IPsec (UDP 1701, 500 and 4500) and SSTP (TCP 443).
4. Segment RRAS hosts away from general user networks and the internet to minimize exposure.
5. Monitor traffic to those ports for unusual or malformed packets and for connection attempts from unexpected sources, since an over-read is typically triggered by inputs that violate the expected length or structure.
6. Educate users about phishing and social engineering, because the CVSS vector records user interaction as required for exploitation.
7. Plan and execute a migration from Windows 10 Version 1809 to a supported, patched Windows release, and confirm that the monthly cumulative update is actually installed on any build 17763 system (including Enterprise LTSC 2019 and Windows Server 2019) that must remain.
8. Conduct regular vulnerability assessments and penetration tests that cover RRAS and other remote access services so that exposure and configuration drift are caught early.
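The following PowerShell script is an added example, not code from the advisory or from Microsoft. It performs the host-side checks behind the steps above: it confirms whether the host is on build 17763, reports the state of the RemoteAccess service and which process owns listeners on the RRAS ports, and then either disables the service (the script's own -DisableRras switch) or scopes the built-in inbound RRAS firewall rules to a trusted range. The -TrustedSources range is a placeholder assumption and must be replaced with the real VPN peer or management ranges; the script assumes an elevated session on a Windows host with the NetSecurity and NetTCPIP modules.

```powershell
<#
  Added example for the mitigation steps above; not code from the advisory or Microsoft.
  Assumptions: elevated PowerShell session on the host being checked; -TrustedSources is a
  placeholder that must be replaced with the real VPN peer / management ranges; -DisableRras
  is this script's own switch, not a Microsoft setting.
#>
param(
    [switch]$DisableRras,
    [string[]]$TrustedSources = @('10.10.0.0/16')   # placeholder, adjust per site
)

# 1. Is this host on the build named in the advisory?
#    10.0.17763 is shared by Windows 10 1809, Enterprise LTSC 2019 and Windows Server 2019.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$onBuild17763 = $os.Version -like '10.0.17763*'
"OS: $($os.Caption) $($os.Version)  (build 17763 family: $onBuild17763)"

# 2. State of the Routing and Remote Access service (service name: RemoteAccess).
$rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if (-not $rras) { 'RemoteAccess service is not present on this host.'; return }
"RRAS: status=$($rras.Status) starttype=$($rras.StartType)"

# 3. Listeners on the ports RRAS uses: PPTP TCP 1723 (plus GRE, IP protocol 47),
#    SSTP TCP 443, L2TP UDP 1701, IKE/IPsec NAT-T UDP 500/4500. A listener on 443
#    may belong to IIS rather than RRAS, so the owning process is shown.
$tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
       Where-Object { $_.LocalPort -in @(1723, 443) }
$udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
       Where-Object { $_.LocalPort -in @(1701, 500, 4500) }
foreach ($l in @($tcp) + @($udp)) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    "Listener $($l.LocalAddress):$($l.LocalPort) owned by PID $($l.OwningProcess) ($($proc.ProcessName))"
}

if ($DisableRras) {
    # Mitigation step 2: RRAS is not needed here, so stop it and prevent restart.
    Stop-Service -Name RemoteAccess -Force -ErrorAction SilentlyContinue
    Set-Service  -Name RemoteAccess -StartupType Disabled
    'RemoteAccess stopped and set to Disabled.'
} else {
    # Mitigation step 3: keep RRAS but limit who can reach it. Windows Firewall has no
    # "deny everything except" rule type, so the approach is to narrow the allow rules
    # and rely on the profile default inbound action being Block.
    $rules = Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' `
                 -Direction Inbound -ErrorAction SilentlyContinue
    if ($rules) {
        $rules | Set-NetFirewallRule -RemoteAddress $TrustedSources
        "Scoped $(@($rules).Count) inbound RRAS rule(s) to: $($TrustedSources -join ', ')"
    } else {
        'No built-in "Routing and Remote Access" inbound rules found; review custom rules.'
    }
    Get-NetFirewallProfile | ForEach-Object {
        if ($_.DefaultInboundAction -ne 'Block') {
            "WARNING: profile $($_.Name) default inbound action is $($_.DefaultInboundAction), not Block."
        }
    }
}
```

Run it without switches first to inventory the host; re-run with -DisableRras only on hosts where the service is confirmed unused. Scoping the allow rules is only effective if no other rule (for example a broad "allow any" rule added by another product) still admits the same ports, so review the full inbound rule set after the change.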
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-10-14T18:24:58.485Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693867e574ebaa3babafb397
Added to database: 12/9/2025, 6:18:13 PM
Last enriched: 1/8/2026, 12:52:21 AM
Last updated: 2/7/2026, 9:24:39 AM