CVE-2026-25172

CVSS v2.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows Routing and Remote Access Service (RRAS) (affected versions not specified)

Description An integer overflow or wraparound exists in Windows Routing and Remote Access Service (RRAS), potentially allowing an unauthorized attacker to execute code over a network. This issue enables network-based remote code execution by both unauthorized and authorized users. Three critical bugs have been disclosed, identified as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111.

Recommendations Versions prior to the March 10, 2026 patch are vulnerable.

Fix

RCE

Integer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-122

Related Identifiers

BDU:2026-02993

CVE-2026-25172

Affected Products

Windows

Windows Nt Rras

CVE-2026-25172

Weakness Enumeration

Related Identifiers

Affected Products

References · 16