CVE-2026-25173 is an integer overflow or wraparound vulnerability identified in the Windows Routing and Remote Access Service (RRAS) component of Microsoft Windows 10 Version 1607 (build 10.0.14393.0). The vulnerability stems from improper validation and handling of integer values within RRAS, which can lead to an overflow condition. This flaw can be triggered by an authorized attacker with low privileges who sends specially crafted network packets to the RRAS service. The integer overflow can cause memory corruption, enabling the attacker to execute arbitrary code remotely. The vulnerability requires some user interaction and privileges but does not require high-level administrative rights. The CVSS v3.1 base score is 8.0, indicating a high severity level, with attack vector being network-based, low attack complexity, and partial privileges required. The impact includes full compromise of confidentiality, integrity, and availability of the affected system. No public exploits have been reported yet, but the vulnerability is publicly disclosed and should be addressed promptly. The lack of available patches at the time of disclosure necessitates interim mitigations to reduce exposure.

If exploited, this vulnerability allows attackers to remotely execute arbitrary code on affected Windows 10 Version 1607 systems running RRAS, potentially leading to full system compromise. This could result in unauthorized access to sensitive data, disruption of network services, and the deployment of malware or ransomware. Organizations relying on RRAS for VPN or routing services are at particular risk, as attackers could leverage this flaw to pivot within internal networks. The vulnerability's network attack vector and low complexity make it attractive for threat actors, especially in environments where Windows 10 Version 1607 remains in use. The impact extends to confidentiality breaches, integrity violations through code execution, and availability disruptions due to potential system crashes or denial of service. Critical infrastructure, government agencies, and enterprises with legacy systems are especially vulnerable, potentially affecting business continuity and data security.

Organizations should immediately inventory and identify systems running Windows 10 Version 1607 with RRAS enabled. Since no official patches are currently available, interim mitigations include restricting RRAS exposure by limiting network access to trusted hosts and networks, disabling RRAS if not required, or applying firewall rules to block suspicious traffic targeting RRAS ports. Monitoring network traffic for anomalous or malformed packets directed at RRAS can help detect exploitation attempts. Employing network segmentation to isolate vulnerable systems reduces attack surface. Organizations should prioritize upgrading affected systems to a supported Windows version with security updates. Once patches are released, they must be applied promptly. Additionally, enforcing the principle of least privilege for users with RRAS access and educating users about the risks of interacting with suspicious network prompts can reduce exploitation likelihood.