CVE-2025-64678 is a heap-based buffer overflow vulnerability classified under CWE-122, discovered in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1607 (build 10.0.14393.0). The vulnerability arises from improper handling of input data within RRAS, leading to a buffer overflow condition on the heap. This flaw can be triggered remotely by an unauthenticated attacker sending specially crafted network packets to the RRAS service, which listens for routing and remote access requests. Upon successful exploitation, the attacker can execute arbitrary code with system-level privileges, compromising the confidentiality, integrity, and availability of the affected system. The CVSS v3.1 base score is 8.8, indicating high severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No public exploits or patches are currently available, but the vulnerability is officially published and reserved since November 2025. RRAS is commonly used in enterprise environments to provide VPN and routing services, making this vulnerability particularly critical for organizations relying on legacy Windows 10 systems. The lack of patches necessitates immediate mitigation to prevent potential exploitation.

The impact of CVE-2025-64678 is severe for organizations worldwide, especially those still operating Windows 10 Version 1607 in their infrastructure. Successful exploitation allows remote, unauthenticated attackers to execute arbitrary code with system privileges, potentially leading to full system takeover. This can result in data breaches, unauthorized access to sensitive information, disruption of network services, and lateral movement within corporate networks. Enterprises using RRAS for VPN or routing services are at heightened risk, as attackers can leverage this vulnerability to bypass network defenses and gain persistent access. The vulnerability threatens confidentiality, integrity, and availability simultaneously, increasing the risk of ransomware deployment, espionage, or sabotage. Given the age of the affected Windows version, many organizations may have legacy systems that are no longer supported with patches, exacerbating exposure. The absence of known exploits in the wild currently provides a window for proactive defense, but the high severity score indicates that exploitation would have critical consequences.

1. Disable the Routing and Remote Access Service (RRAS) on Windows 10 Version 1607 systems if it is not essential for business operations to eliminate the attack surface. 2. Restrict network access to RRAS endpoints using firewalls or network segmentation, allowing only trusted IP addresses and VPN clients to communicate with the service. 3. Monitor network traffic for unusual or malformed packets targeting RRAS ports and implement intrusion detection/prevention systems (IDS/IPS) with signatures tuned for RRAS anomalies. 4. Upgrade affected systems to a supported and patched version of Windows 10 or later, as Windows 10 Version 1607 is an outdated release with limited security updates. 5. Apply virtual patching via endpoint protection platforms that can detect and block exploitation attempts targeting heap-based buffer overflows in RRAS. 6. Conduct regular vulnerability scanning and penetration testing focused on RRAS and related network services to identify exposure. 7. Educate IT staff on this vulnerability and ensure incident response plans include procedures for detecting and mitigating exploitation attempts. 8. Stay alert for official patches or security advisories from Microsoft and apply them promptly once available.