
CVE-2025-64678: CWE-122: Heap-based Buffer Overflow in Microsoft Windows 10 Version 1809

Severity: High
Tags: Vulnerability, CVE-2025-64678, cve, cve-2025-64678, cwe-122
Published: Tue Dec 09 2025 (12/09/2025, 17:56:07 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

AI-Powered Analysis

Last updated: 01/29/2026, 08:12:24 UTC

Technical Analysis

CVE-2025-64678 is a heap-based buffer overflow vulnerability identified in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw arises from improper handling of memory buffers during network packet processing within RRAS, which is responsible for routing and remote access functionalities. An attacker can exploit this vulnerability remotely without authentication by sending specially crafted network packets to the affected service. Successful exploitation allows arbitrary code execution in the context of the system, enabling the attacker to gain full control over the affected machine. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high severity, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no public exploits are known at this time, the critical nature of remote code execution vulnerabilities in core Windows services necessitates urgent attention. The vulnerability was reserved in early November 2025 and published in December 2025, with no patches currently available, increasing the risk window for affected systems. RRAS is commonly used in enterprise environments for VPN and routing services, making this vulnerability particularly relevant for organizations relying on these features.

Potential Impact

For European organizations, the impact of CVE-2025-64678 can be significant, especially for those still operating Windows 10 Version 1809 in production environments. Exploitation could lead to full system compromise, allowing attackers to steal sensitive data, disrupt operations, or deploy ransomware and other malware. Critical infrastructure, government agencies, and enterprises using RRAS for remote access or routing are at heightened risk. The vulnerability's network-based attack vector means it can be exploited remotely, increasing the attack surface and potential for widespread impact. Given that Windows 10 Version 1809 is an older release, some organizations may have delayed upgrades, increasing their exposure. The lack of available patches at the time of disclosure further exacerbates risk, potentially leading to targeted attacks once exploit code becomes available. Disruption of RRAS services could also impact business continuity and remote workforce connectivity, which remains crucial in many European countries. Overall, the vulnerability poses a high risk to confidentiality, integrity, and availability of affected systems within European enterprises and public sector organizations.

Mitigation Recommendations

1. Immediate mitigation should focus on disabling the Routing and Remote Access Service (RRAS) on Windows 10 Version 1809 systems where it is not essential, to eliminate the attack surface.
2. For systems requiring RRAS, implement strict network-level controls such as firewall rules to restrict access to RRAS ports only to trusted hosts and networks.
3. Employ network segmentation to isolate vulnerable systems from critical infrastructure and sensitive data environments.
4. Monitor network traffic for anomalous packets targeting RRAS services, using intrusion detection/prevention systems (IDS/IPS) with updated signatures once available.
5. Prioritize upgrading affected systems to a supported and patched Windows version as soon as patches or updates are released by Microsoft.
6. Apply the principle of least privilege and ensure endpoint protection solutions are active and updated to detect potential exploitation attempts.
7. Conduct regular vulnerability scanning and penetration testing focused on RRAS and related network services to identify exposure.
8. Prepare incident response plans specifically addressing potential exploitation of this vulnerability, including containment and recovery procedures.

These steps go beyond generic advice by focusing on service-specific controls, network restrictions, and proactive monitoring tailored to RRAS vulnerabilities.
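
An added example for mitigation steps 1 and 2, not taken from the original page or from Microsoft guidance: a PowerShell audit that reports whether RRAS is running, which of its usual VPN ports are listening, and which built-in firewall rules still accept any remote address. The port list and the firewall rule name pattern are assumptions based on common RRAS defaults; adjust them to the deployment.

```powershell
# Added example: audit RRAS exposure on one host (run elevated).
# Assumption: usual RRAS VPN listeners, not values from the advisory.
$TcpPorts = 1723, 443          # PPTP control channel, SSTP
$UdpPorts = 500, 1701, 4500    # IKE, L2TP, IPsec NAT-T

function Get-RrasExposure {
    $svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    if (-not $svc) { return [pscustomobject]@{ Installed = $false } }

    # Listening sockets only; 443 may belong to another service, so review owners.
    $tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $TcpPorts }
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $UdpPorts }

    # Assumption: built-in inbound rules are named "Routing and Remote Access (...)".
    $openRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { $_.DisplayName -like 'Routing and Remote Access*' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }

    [pscustomobject]@{
        Installed         = $true
        Status            = $svc.Status
        StartType         = $svc.StartType
        TcpListeners      = @($tcp | Select-Object LocalAddress, LocalPort, OwningProcess)
        UdpListeners      = @($udp | Select-Object LocalAddress, LocalPort, OwningProcess)
        UnrestrictedRules = @($openRules.DisplayName)   # candidates for step 2 scoping
    }
}

function Disable-Rras {
    # Step 1: stop the service and prevent it from starting again.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('RemoteAccess', 'Stop and disable service')) {
        Stop-Service -Name RemoteAccess -Force
        Set-Service -Name RemoteAccess -StartupType Disabled
    }
}

$report = Get-RrasExposure
$report | Format-List
if ($report.Installed -and $report.Status -eq 'Running') {
    Disable-Rras -WhatIf   # remove -WhatIf only on hosts where RRAS is not required
}
```

On hosts that must keep RRAS, the `UnrestrictedRules` entries are the rules to scope to trusted remote addresses with `Set-NetFirewallRule -RemoteAddress`.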


Technical Details

Data Version: 5.2
Assigner Short Name: microsoft
Date Reserved: 2025-11-06T23:40:37.277Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 693867eb74ebaa3babafb7f3

Added to database: 12/9/2025, 6:18:19 PM

Last enriched: 1/29/2026, 8:12:24 AM

Last updated: 2/7/2026, 2:42:30 PM
