CVE-2025-62473 is a buffer over-read vulnerability classified under CWE-126, discovered in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1607 (build 10.0.14393.0). This vulnerability arises when RRAS improperly handles certain network inputs, leading to reading beyond the intended buffer boundaries. An attacker can exploit this flaw remotely over the network without requiring privileges, but user interaction is necessary, such as convincing a user to connect to a malicious network service. The consequence of this buffer over-read is unauthorized disclosure of sensitive information from system memory, which could include data that compromises confidentiality. The vulnerability does not allow code execution, system integrity compromise, or denial of service. The CVSS v3.1 base score is 6.5, reflecting a medium severity with high confidentiality impact but no integrity or availability impact. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component. Currently, there are no known exploits in the wild, and no official patches have been linked, though Microsoft has reserved the CVE and published the advisory. This vulnerability primarily affects legacy systems still running Windows 10 Version 1607, which is an older release no longer supported by mainstream updates but may remain in use in some environments. RRAS is often used in enterprise and industrial networks for routing and VPN services, making this vulnerability relevant for organizations relying on these services on outdated Windows 10 versions.

The primary impact of CVE-2025-62473 is unauthorized disclosure of sensitive information due to buffer over-read in RRAS. This can lead to leakage of memory contents that may include credentials, configuration data, or other sensitive information, potentially aiding further attacks or reconnaissance. Since the vulnerability does not allow code execution or denial of service, the immediate operational impact is limited. However, information disclosure can compromise confidentiality and privacy, especially in environments handling sensitive or regulated data. Organizations running Windows 10 Version 1607 with RRAS enabled are at risk, particularly if exposed to untrusted networks or if users can be tricked into interacting with malicious services. The lack of known exploits reduces immediate threat but does not eliminate risk, as attackers may develop exploits. The medium severity rating suggests moderate urgency for mitigation, especially in critical infrastructure, government, and industrial sectors where legacy systems persist. The vulnerability could be leveraged as part of a multi-stage attack chain, increasing its potential impact.

To mitigate CVE-2025-62473, organizations should first assess whether Windows 10 Version 1607 systems with RRAS enabled exist in their environment. If RRAS is not required, disable the service to eliminate the attack surface. For systems that must run RRAS, restrict network access to RRAS ports using firewalls and network segmentation, limiting exposure to trusted networks only. Educate users to avoid connecting to untrusted or suspicious network services to reduce the risk of user interaction exploitation. Monitor network traffic for unusual RRAS activity that could indicate exploitation attempts. Since no patches are currently linked, stay alert for official Microsoft updates and apply them promptly once available. Consider upgrading affected systems to a supported Windows version with ongoing security updates to reduce exposure to legacy vulnerabilities. Employ endpoint detection and response (EDR) tools to detect anomalous behavior related to RRAS. Regularly review and audit RRAS configurations to ensure they follow security best practices.