CVE-2025-64678: CWE-122: Heap-based Buffer Overflow in Microsoft Windows 10 Version 1809
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
AI Analysis
Technical Summary
CVE-2025-64678 is a heap-based buffer overflow vulnerability identified in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability stems from improper handling of input data within RRAS, leading to a buffer overflow condition on the heap. This flaw allows an attacker to send specially crafted network packets to a vulnerable system running RRAS, triggering the overflow and enabling remote code execution without requiring any prior authentication. The vulnerability is classified under CWE-122, which pertains to heap-based buffer overflows that can corrupt memory and alter program control flow. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, with an attack vector over the network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R), and scope unchanged (S:U). The exploitability is significant because RRAS is a network-facing service often used in enterprise environments for VPN and routing functions. Although no known exploits have been reported in the wild as of the publication date, the vulnerability's public disclosure increases the risk of exploitation attempts. The absence of official patches at the time of disclosure necessitates immediate risk mitigation steps. The vulnerability affects only Windows 10 Version 1809, which is an older release but still in use in some organizations, particularly those with legacy systems or delayed upgrade cycles. Attackers exploiting this vulnerability could gain full control over affected systems, enabling data theft, lateral movement, or disruption of network services.
Potential Impact
For European organizations, the impact of CVE-2025-64678 can be severe, especially for those still operating Windows 10 Version 1809 with RRAS enabled. Successful exploitation could lead to unauthorized remote code execution, allowing attackers to compromise sensitive data, disrupt critical network routing services, or deploy ransomware and other malware. Industries such as telecommunications, finance, healthcare, and government agencies that rely on RRAS for VPN or routing services are particularly at risk. The confidentiality of personal and corporate data could be breached, integrity of network configurations compromised, and availability of essential services disrupted. Given the network-facing nature of RRAS, exploitation could be conducted remotely without authentication, increasing the threat surface. The vulnerability could facilitate lateral movement within corporate networks, escalating the scope of attacks. European organizations with strict data protection regulations (e.g., GDPR) face additional compliance risks if breaches occur due to this vulnerability. The lack of known exploits currently provides a window for proactive defense, but the high CVSS score indicates urgent attention is needed to prevent potential future attacks.
Mitigation Recommendations
1. Immediately assess the presence of Windows 10 Version 1809 systems running RRAS within the network.
2. Where possible, upgrade affected systems to a supported and patched Windows version that addresses this vulnerability.
3. If upgrading is not immediately feasible, disable the Routing and Remote Access Service on affected systems to eliminate the attack vector.
4. Implement network-level controls such as firewall rules to restrict inbound access to the ports used by RRAS VPN protocols (e.g., PPTP, L2TP, SSTP) from untrusted networks.
5. Monitor network traffic for unusual or malformed packets targeting RRAS services that could indicate exploitation attempts.
6. Employ endpoint detection and response (EDR) solutions to detect anomalous process behavior indicative of exploitation.
7. Educate IT staff about the vulnerability and ensure incident response plans include procedures for this threat.
8. Regularly review and apply security advisories from Microsoft and related vendors for patches or mitigations as they become available.
9. Conduct vulnerability scans and penetration testing focused on RRAS to identify exposure.
10. Maintain robust backup and recovery processes to mitigate impact in case of compromise.
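The following PowerShell script is an added example, not part of the advisory above and not Microsoft tooling. It carries out steps 1, 3 and 4 of the list on a single host: it reports whether the host is on the affected build with RRAS present, and, only when run with -Remediate, stops and disables the service and adds inbound block rules for the VPN listener ports. The service name RemoteAccess, the 1809 build number 17763 and the port numbers for PPTP (TCP 1723 plus GRE), L2TP/IPsec (UDP 1701, 500, 4500) and SSTP (TCP 443) are general Windows facts assumed here, not values taken from the advisory; the rule names are the script's own.

```powershell
# Added example (not from the advisory): audit a host for the advisory's
# exposure conditions and, on request, apply the interim mitigations
# (disable RRAS, block inbound VPN listener ports). Run from an elevated
# PowerShell session; supports -WhatIf through ShouldProcess.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate   # without this switch the script only reports
)

$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue   # RRAS service (assumed name)

$isAffectedBuild = ($os.BuildNumber -eq '17763')   # Windows 10 version 1809 (assumed build number)
$rrasRunning     = [bool]$rras -and $rras.Status -eq 'Running'
$rrasAutoStart   = [bool]$rras -and $rras.StartType -ne 'Disabled'

# Step 1: report the exposure state of this host.
[PSCustomObject]@{
    ComputerName  = $env:COMPUTERNAME
    Build         = $os.BuildNumber
    AffectedBuild = $isAffectedBuild
    RrasPresent   = [bool]$rras
    RrasRunning   = $rrasRunning
    RrasStartType = if ($rras) { [string]$rras.StartType } else { 'n/a' }
    Exposed       = $isAffectedBuild -and ($rrasRunning -or $rrasAutoStart)
} | Format-List

if (-not $Remediate) { return }
if (-not ($isAffectedBuild -and $rras)) {
    Write-Host 'Nothing to remediate on this host.'
    return
}

# Step 3: stop RRAS and prevent it from starting again.
if ($PSCmdlet.ShouldProcess('RemoteAccess', 'Stop and disable service')) {
    Stop-Service -Name RemoteAccess -Force
    Set-Service  -Name RemoteAccess -StartupType Disabled
}

# Step 4: block the VPN listener ports inbound from any remote address.
# Narrow -RemoteAddress to an allow-list if some peers must keep access.
$rules = @(
    @{ Name = 'Block-RRAS-PPTP-TCP1723'; Protocol = 'TCP'; LocalPort = '1723' },
    @{ Name = 'Block-RRAS-PPTP-GRE';     Protocol = '47';  LocalPort = $null  },   # GRE has no ports
    @{ Name = 'Block-RRAS-L2TP-UDP1701'; Protocol = 'UDP'; LocalPort = '1701' },
    @{ Name = 'Block-RRAS-IKE-UDP500';   Protocol = 'UDP'; LocalPort = '500'  },
    @{ Name = 'Block-RRAS-NATT-UDP4500'; Protocol = 'UDP'; LocalPort = '4500' },
    @{ Name = 'Block-RRAS-SSTP-TCP443';  Protocol = 'TCP'; LocalPort = '443'  }    # also blocks any other HTTPS listener on this host
)
foreach ($r in $rules) {
    if (Get-NetFirewallRule -Name $r.Name -ErrorAction SilentlyContinue) { continue }   # idempotent
    if ($PSCmdlet.ShouldProcess($r.Name, 'Create inbound block rule')) {
        $params = @{
            Name        = $r.Name
            DisplayName = $r.Name
            Direction   = 'Inbound'
            Action      = 'Block'
            Protocol    = $r.Protocol
            Profile     = 'Any'
        }
        if ($r.LocalPort) { $params.LocalPort = $r.LocalPort }
        New-NetFirewallRule @params | Out-Null
    }
}
```

Run it without arguments across an inventory (for example through Invoke-Command) to build the list step 1 asks for; only hosts whose Exposed field is true need the -Remediate pass. The SSTP rule is the one to review before use, since it blocks every inbound HTTPS listener on the host, not only RRAS; drop it where the host also serves web traffic and rely on disabling the service instead.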
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-11-06T23:40:37.277Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693867eb74ebaa3babafb7f3
Added to database: 12/9/2025, 6:18:19 PM
Last enriched: 12/9/2025, 6:21:08 PM
Last updated: 12/11/2025, 7:31:56 AM