CVE-2025-21208

CVE-2025-21208 is a remote code execution vulnerability in the Windows Routing and Remote Access Service (RRAS). It stems from issues mapped to CWE-122 (Heap-based Buffer Overflow) and other unspecified weaknesses, earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability affects Windows systems with RRAS enabled, as disclosed by Microsoft on February 11, 2025.

An unauthenticated attacker on the network can exploit this vulnerability with low complexity by tricking a user into performing a specific interaction, such as opening a malicious file or clicking a link. Successful exploitation grants remote code execution on the target system with high impacts to confidentiality, integrity, and availability, potentially allowing full system compromise.

Microsoft's Security Response Center provides detailed mitigation guidance, including patching instructions, in their update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21208. Security practitioners should prioritize applying the relevant updates to RRAS-enabled Windows servers and endpoints.