CVE-2025-62549

High

Published: 09 December 2025

Published

09 December 2025

Modified

24 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0022 44.7th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the untrusted pointer dereference flaw in RRAS by applying timely vendor patches.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms such as ASLR and DEP that prevent exploitation of untrusted pointer dereferences leading to RCE.

CM-7 Least Functionality partial match

prevent

Minimizes exposure by configuring systems to disable or restrict unnecessary RRAS functionality, reducing the attack surface for network-based exploitation.

Security SummaryAI

CVE-2025-62549 is an untrusted pointer dereference vulnerability (CWE-822) in the Windows Routing and Remote Access Service (RRAS). Published on 2025-12-09, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables an unauthorized attacker to execute code over a network.

The vulnerability can be exploited by an unauthenticated attacker accessible over the network, requiring low attack complexity but user interaction. Successful exploitation grants remote code execution, resulting in high impacts to confidentiality, integrity, and availability within the affected system's scope.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62549 details patching information. Vicarius provides a detection script at https://www.vicarius.io/vsociety/posts/cve-2025-62549-detection-script-rce-vulnerability-in-windows-routing-and-remote-access-service and a mitigation script at https://www.vicarius.io/vsociety/posts/cve-2025-62549-mitigation-script-rce-vulnerability-in-windows-routing-and-remote-access-service for this RRAS RCE issue.

Details

CWE(s): CWE-822

Affected Products

microsoft

windows 10 1607

≤ 10.0.14393.8688 · ≤ 10.0.14393.8688

microsoft

windows 10 1809

≤ 10.0.17763.8146 · ≤ 10.0.17763.8146

microsoft

windows 10 21h2

≤ 10.0.19044.6691

microsoft

windows 10 22h2

≤ 10.0.19045.6691

microsoft

windows 11 23h2

≤ 10.0.22631.6345

microsoft

windows 11 24h2

≤ 10.0.26100.7392

microsoft

windows 11 25h2

≤ 10.0.26200.7392

microsoft

windows server 2008

all versions, r2

microsoft

windows server 2012

all versions, r2

microsoft

windows server 2016

≤ 10.0.14393.8688

+4 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

CVE-2025-62549 enables unauthenticated remote code execution via exploitation of a public-facing Windows RRAS service vulnerability.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62549
Vendor Advisory · secure@microsoft.com
https://www.vicarius.io/vsociety/posts/cve-2025-62549-detection-script-rce-vulnerability-in-windows-routing-and-remote-access-service
af854a3a-2127-422b-91ae-364da2661108
https://www.vicarius.io/vsociety/posts/cve-2025-62549-mitigation-script-rce-vulnerability-in-windows-routing-and-remote-access-service
af854a3a-2127-422b-91ae-364da2661108