CVE-2025-26667

6.5 MEDIUM

📋 TL;DR

This vulnerability in Windows Routing and Remote Access Service (RRAS) allows an unauthenticated attacker who can reach the service over the network to obtain sensitive information. It affects Windows systems that have the RRAS role or service enabled; the disclosed data could include configuration data, credentials, or network details.

💻 Affected Systems

Products:
  • Windows Routing and Remote Access Service (RRAS)
Versions: Specific Windows versions as listed in Microsoft advisory
Operating Systems: Windows Server, Windows Client versions with RRAS enabled
Default Config Vulnerable: ✅ No
Notes: Only affects systems with RRAS role/feature enabled. Not vulnerable in default Windows installations.

📦 What is this software?

Routing and Remote Access Service (RRAS) is the Windows Server role (service name RemoteAccess, display name Routing and Remote Access) that turns a Windows host into a VPN server (PPTP, L2TP/IPsec, SSTP, IKEv2), a dial-up server, a NAT device, or a software router. It is administered through the Routing and Remote Access MMC snap-in and the RemoteAccess PowerShell module.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could obtain administrative credentials, network topology maps, or VPN configuration details leading to full network compromise.

🟠

Likely Case

Unauthorized disclosure of network configuration information, potentially exposing internal IP ranges, routing tables, or service configurations.

🟢

If Mitigated

Limited exposure of non-critical configuration data with proper network segmentation and access controls in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Network access to the RRAS service is required; no authentication is needed to trigger the information disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26667

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft Update.
2. Confirm the specific KB for the affected Windows version (from the advisory) is installed.
3. Restart the system to complete the installation.

🔧 Temporary Workarounds

Disable RRAS if not needed

Stop and disable the Routing and Remote Access service (service name RemoteAccess); on Windows Server, optionally remove the role as well. From a PowerShell prompt, `sc` is an alias for Set-Content, so the Service Control tool must be called as sc.exe.

```powershell
Stop-Service -Name RemoteAccess -Force                # classic equivalent: net stop RemoteAccess
Set-Service -Name RemoteAccess -StartupType Disabled   # classic equivalent: sc.exe config RemoteAccess start= disabled
Uninstall-WindowsFeature -Name RemoteAccess            # Windows Server only; removes the role (alias: Remove-WindowsFeature)
```

Network segmentation

Restrict inbound access to the RRAS listeners with host firewall rules. The protocols involved are: PPTP on TCP 1723 plus GRE, which is IP protocol 47 rather than a TCP port; L2TP on UDP 1701; IKE and IPsec NAT-T on UDP 500 and 4500. The UDP 500/4500 rule also blocks every other IPsec peer of the host, and SSTP (TCP 443), if enabled, is not covered by these rules.

```powershell
# PPTP control channel and its GRE data channel (GRE has no port; it is IP protocol 47)
New-NetFirewallRule -DisplayName "Block RRAS PPTP" -Direction Inbound -Protocol TCP -LocalPort 1723 -Action Block
New-NetFirewallRule -DisplayName "Block RRAS GRE" -Direction Inbound -Protocol 47 -Action Block
# L2TP and IKE / IPsec NAT-T
New-NetFirewallRule -DisplayName "Block RRAS L2TP IKE" -Direction Inbound -Protocol UDP -LocalPort 1701,500,4500 -Action Block
```
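Block rules like the ones above drop VPN traffic for everyone. When RRAS has to keep serving a known set of client networks while exposure is reduced, the usable shape is allow-from-trusted-only: Windows Firewall cannot express "block except from X", so the approach is to disable the broad allow rules the role installs and add allow rules scoped with -RemoteAddress on top of a default inbound Block policy. The following script is an added example and not part of the advisory; it assumes the Remote Access role registered its firewall rules under the display group "Routing and Remote Access" (confirm with Get-NetFirewallRule -DisplayGroup) and uses 10.20.0.0/16 and 198.51.100.0/24 as placeholder trusted ranges.

```powershell
# Added example (not from the advisory): scope the RRAS listeners to trusted
# client networks. Assumptions: the role's rules live in the display group
# "Routing and Remote Access"; the two CIDRs below are placeholders.
param(
    [string[]]$TrustedNetworks = @('10.20.0.0/16', '198.51.100.0/24')
)

$rrasListeners = @(
    @{ Name = 'RRAS PPTP (scoped)';     Protocol = 'TCP'; Port = 1723 },
    @{ Name = 'RRAS GRE (scoped)';      Protocol = '47';  Port = $null },   # GRE: IP protocol 47, no port
    @{ Name = 'RRAS L2TP IKE (scoped)'; Protocol = 'UDP'; Port = 1701, 500, 4500 }
)

# 1. Anything not matched by an allow rule must be dropped, on every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Switch off the unscoped allow rules that the Remote Access role installed.
Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 3. Re-create one allow rule per listener, limited to the trusted ranges.
foreach ($l in $rrasListeners) {
    $params = @{
        DisplayName   = $l.Name
        Direction     = 'Inbound'
        Protocol      = $l.Protocol
        RemoteAddress = $TrustedNetworks
        Action        = 'Allow'
    }
    if ($l.Port) { $params['LocalPort'] = $l.Port }
    # Remove any earlier copy so the script can be re-run without duplicating rules.
    Remove-NetFirewallRule -DisplayName $l.Name -ErrorAction SilentlyContinue
    New-NetFirewallRule @params | Out-Null
}

# 4. Show the resulting scope so it can be reviewed before clients are told.
Get-NetFirewallRule -DisplayName 'RRAS *' | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Protocol      = $port.Protocol
        LocalPort     = ($port.LocalPort -join ',')
        RemoteAddress = $addr
    }
} | Format-Table -AutoSize
```

Run it elevated on the RRAS host; the final table is the check that each rule carries the expected RemoteAddress scope and that the role's own group rules are disabled rather than still allowing from Any.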

🧯 If You Can't Patch

  • Implement strict network access controls so that only known VPN clients and management hosts can reach the RRAS listeners
  • Monitor the Routing and Remote Access entries in the Application and System event logs (and the RRAS tracing logs under %windir%\tracing, if enabled) for unexpected connection attempts and for service crashes or restarts

🔍 How to Verify

Check if Vulnerable:

Check whether the Remote Access role is installed (Windows Server; the cmdlet comes from the ServerManager module): Get-WindowsFeature -Name RemoteAccess | Select-Object Name, Installed

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Confirm that the KB for your OS build appears in Get-HotFix output or the Windows Update history, and that the OS build number (including the UBR revision) is at or above the build listed in the KB article. A later cumulative update supersedes the KB, so a missing KB entry alone does not mean the host is unpatched.
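The checks above combined into one script, added here as an example (it is not from the Microsoft advisory): it reports the service state, the role, the listeners RRAS has open, whether a given KB is installed, and the full OS build including the UBR revision read from the registry so it can be compared with the build in the KB article. The KB number is taken as a parameter because the advisory lists it per OS build; KB0000000 in the usage line is a placeholder, not a real identifier.

```powershell
# Added example, not from the advisory. Run elevated. Usage:
#   .\Test-RrasExposure.ps1 -KB KB0000000     (KB0000000 is a placeholder)
param(
    [Parameter(Mandatory)] [string]$KB
)

function Get-OsBuildString {
    # Full build including the UBR revision, e.g. 10.0.20348.1234. The KB article
    # lists this form, so it stays comparable after a later cumulative update.
    $os  = Get-CimInstance Win32_OperatingSystem
    $ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -ErrorAction SilentlyContinue).UBR
    if ($null -ne $ubr) { "$($os.Version).$ubr" } else { $os.Version }
}

function Test-RrasExposure {
    param([Parameter(Mandatory)] [string]$KB)

    $svc  = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    $role = $null
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {   # ServerManager module: Windows Server only
        $role = (Get-WindowsFeature -Name RemoteAccess).Installed
    }

    # Listeners RRAS opens, depending on which VPN protocols it is configured for.
    # TCP 443 is SSTP only if RRAS owns it; on a host that also runs IIS it is ambiguous.
    $tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 1723, 443 } | Select-Object -ExpandProperty LocalPort -Unique
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 1701, 500, 4500 } | Select-Object -ExpandProperty LocalPort -Unique

    $kbPresent = [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)
    $running   = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    [pscustomobject]@{
        Host          = $env:COMPUTERNAME
        OsBuild       = Get-OsBuildString
        RrasService   = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'not present' }
        RoleInstalled = $role
        TcpListeners  = ($tcp -join ',')
        UdpListeners  = ($udp -join ',')
        KbInstalled   = $kbPresent
        # Exposed only if the service is actually up and the fix is not on the box.
        # A superseding cumulative update hides the KB from Get-HotFix, so when
        # KbInstalled is False compare OsBuild against the build in the KB article.
        LikelyExposed = ($running -and -not $kbPresent)
    }
}

Test-RrasExposure -KB $KB | Format-List
```

LikelyExposed is deliberately conservative: a stopped or disabled service is reported as not exposed even on an unpatched build, because the workaround above removes the attack surface; the listener columns are there to catch a host where the service is stopped but something else still answers on the VPN ports.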

📡 Detection & Monitoring

Log Indicators:

  • Connection attempts to the RRAS listeners from hosts that are not expected VPN clients (Application log, source RemoteAccess)
  • The Routing and Remote Access service terminating or restarting unexpectedly (System log, Service Control Manager events 7031/7034), which malformed input to the service can trigger

Network Indicators:

  • Unexpected traffic to the RRAS listeners (TCP 1723, GRE / IP protocol 47, UDP 1701, UDP 500 and 4500, and TCP 443 if SSTP is enabled) from sources that are not known VPN clients

SIEM Query:

Splunk SPL. Security events 4625 (failed logon) and 4688 (process creation) are not specific to RRAS, which runs inside svchost.exe, so the query keys on the Service Control Manager reporting the Routing and Remote Access service terminating unexpectedly:

source="WinEventLog:System" EventCode IN (7031, 7034) Message="*Routing and Remote Access*"
| stats count min(_time) AS first_seen max(_time) AS last_seen BY host, EventCode
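The same indicators pulled directly from the host with Get-WinEvent, for environments where the logs are not forwarded to a SIEM. This is an added example, not from the advisory or from Microsoft. It assumes RRAS writes its own events under the provider name RemoteAccess in the Application log (confirm on your build with Get-WinEvent -ListProvider RemoteAccess); the 24-hour default window and the output shape are choices made here.

```powershell
# Added example (not from the advisory): host-side hunt for the two indicators.
#  1. Service Control Manager events 7031/7034 for the Routing and Remote Access
#     service terminating unexpectedly (System log).
#  2. Critical/Error events from the RemoteAccess provider (Application log);
#     provider name is an assumption, verify with Get-WinEvent -ListProvider RemoteAccess.
param([int]$Hours = 24)

function Get-RrasCrashEvents {
    param([datetime]$Since)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7034
        StartTime    = $Since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Routing and Remote Access' } |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

function Get-RrasProviderErrors {
    param([datetime]$Since)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'RemoteAccess'
        Level        = 1, 2            # 1 = Critical, 2 = Error
        StartTime    = $Since
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

$since   = (Get-Date).AddHours(-$Hours)
$crashes = @(Get-RrasCrashEvents -Since $since)
$errors  = @(Get-RrasProviderErrors -Since $since)

"RemoteAccess service crashes/restarts since $since : $($crashes.Count)"
$crashes | Format-Table -AutoSize

"RemoteAccess provider errors since $since : $($errors.Count)"
# Group by event ID so a burst of one message type (the usual shape of a probe
# or a malformed-input storm) stands out from background noise.
$errors | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Example'; e = { $_.Group[0].Summary } } |
    Format-Table -AutoSize
```

A non-zero crash count on a host that has not had a patch or reboot in the window is the signal worth escalating; correlate its timestamps with the firewall or network indicators above to identify the source address.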

🔗 References

  • Microsoft Security Response Center advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26667
