CVE-2025-29959

6.5 MEDIUM

📋 TL;DR

This vulnerability in Windows Routing and Remote Access Service (RRAS) is a use of uninitialized memory: a remote attacker can make the service hand back memory contents it never initialized, which may expose sensitive data such as credentials or other system data. It affects Windows systems with RRAS enabled and configured, and the service is reachable over the network without authentication.

💻 Affected Systems

Products:
  • Windows Routing and Remote Access Service (RRAS)
Versions: Specific Windows versions as listed in Microsoft advisory
Operating Systems: Windows Server and Windows Client versions with RRAS component
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when RRAS is enabled and configured. The RemoteAccess service is disabled by default and only becomes a network listener once an administrator sets up RRAS (the Remote Access role on Windows Server), so most Windows installations are not exposed.

📦 What is this software?

Routing and Remote Access Service (RRAS) is the Windows component that turns a server into a VPN gateway (PPTP, L2TP/IPsec, SSTP and IKEv2), a NAT device or a software router. On Windows Server it is installed through the Remote Access role; on client editions the "Routing and Remote Access" service (service name RemoteAccess) is present but disabled until an administrator configures it. Because a VPN endpoint is reachable from outside by design, an RRAS host is often one of the few Windows systems an organization deliberately exposes to the Internet.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers read sensitive memory contents such as passwords, encryption keys or other confidential data, leading to credential theft or further system compromise.

🟠 Likely Case

Disclosure of whatever happens to occupy the uninitialized memory: fragments of system information or partial data that can aid other attacks, rather than a reliable, targeted read of a chosen secret.

🟢 If Mitigated

Limited information disclosure with no direct path to system compromise, provided network segmentation and access controls keep untrusted peers away from the RRAS listeners.

🌐 Internet-Facing: HIGH - Network-accessible service that can be exploited without authentication from internet-facing systems.
🏢 Internal Only: MEDIUM - Requires network access to vulnerable RRAS service, but internal attackers could exploit it for information gathering.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires network access to RRAS service but no authentication. Exploitation may require specific conditions to trigger the uninitialized resource.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29959

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft.
2. Verify the RRAS service is updated; the fix ships as part of the cumulative OS update, not as a separate RRAS package.
3. Restart the system when the update requires it.

🔧 Temporary Workarounds

Disable RRAS if not needed

Turn off the Routing and Remote Access service if it is not required for business operations (run from an elevated command prompt; the space after "start=" is required by sc):

sc config RemoteAccess start= disabled
net stop RemoteAccess

Network segmentation

Restrict who can reach the RRAS listeners with host firewall rules. The rule below only covers the PPTP control channel (TCP 1723); RRAS also accepts GRE (IP protocol 47) for PPTP data, UDP 500 and 4500 for IKEv2 and L2TP/IPsec, UDP 1701 for L2TP, and TCP 443 for SSTP. Windows Firewall gives Block rules precedence over Allow rules, so an unscoped block like this one also cuts off legitimate VPN clients; scope it with -RemoteAddress, or scope the role's existing Allow rules to trusted ranges instead.

New-NetFirewallRule -DisplayName "Block RRAS" -Direction Inbound -Protocol TCP -LocalPort 1723 -Action Block
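A fuller version of both workarounds, as an added example that is not from the Microsoft advisory or the RRAS product: one PowerShell script that either disables the service outright (-Disable) or, when the VPN is needed, scopes every RRAS listener to trusted source ranges instead of blocking a single port. The $TrustedNets ranges and the firewall display group name "Routing and Remote Access" are assumptions to check on your own hosts.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the Microsoft advisory or the RRAS product.
# Either disables RRAS outright (-Disable) or leaves it running but restricts
# every listener it uses to a set of trusted source ranges.
# Assumptions: $TrustedNets are placeholder ranges; the firewall display group
# "Routing and Remote Access" is the one the RRAS role installs its allow rules under.
param(
    [switch]$Disable,
    [string[]]$TrustedNets = @('10.0.0.0/8', '192.168.0.0/16')  # placeholder, replace
)

# Everything RRAS can listen on, not only PPTP's TCP 1723.
$rrasListeners = @(
    @{ Name = 'PPTP-Control'; Protocol = 'TCP'; Port = 1723 }  # PPTP control channel
    @{ Name = 'PPTP-GRE';     Protocol = 47;    Port = $null } # PPTP data, IP protocol 47, no port
    @{ Name = 'L2TP';         Protocol = 'UDP'; Port = 1701 }
    @{ Name = 'IKE';          Protocol = 'UDP'; Port = 500  }  # IKEv2 and L2TP/IPsec
    @{ Name = 'IPsec-NAT-T';  Protocol = 'UDP'; Port = 4500 }
    @{ Name = 'SSTP';         Protocol = 'TCP'; Port = 443  }  # also affects IIS if it shares 443
)

if ($Disable) {
    Stop-Service -Name RemoteAccess -Force -ErrorAction SilentlyContinue
    Set-Service  -Name RemoteAccess -StartupType Disabled
    Get-Service  -Name RemoteAccess | Select-Object Name, Status, StartType
    return
}

# Default-deny inbound on every profile, then re-allow only trusted sources.
Set-NetFirewallProfile -All -DefaultInboundAction Block

# Turn off the broad allow rules the RRAS role created so they cannot widen the scoped ones.
Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

foreach ($l in $rrasListeners) {
    $rule = @{
        DisplayName   = "RRAS-Trusted-$($l.Name)"
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = $l.Protocol
        RemoteAddress = $TrustedNets
        Profile       = 'Any'
    }
    if ($null -ne $l.Port) { $rule['LocalPort'] = $l.Port }   # GRE has no port
    # Remove a stale copy from an earlier run before creating the rule.
    Remove-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue
    New-NetFirewallRule @rule | Out-Null
}

Get-NetFirewallRule -DisplayName 'RRAS-Trusted-*' |
    Format-Table DisplayName, Enabled, Action, Profile -AutoSize
```

Run it elevated. The SSTP entry scopes TCP 443, so on a host that also serves IIS on 443 drop that entry or scope it separately; GRE is matched by protocol number because it carries no port. The script relies on the profile's default inbound Block plus scoped Allow rules rather than stacking Block rules, because Windows Firewall lets a matching Block rule win over any Allow rule and a broad block would drop trusted VPN clients as well.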

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach RRAS service
  • Monitor the System event log (RemoteAccess and RasMan sources) and RRAS connection logging for sessions from unexpected source addresses or peers that never complete authentication

🔍 How to Verify

Check if Vulnerable:

Check whether the RRAS service is present, running and set to start automatically: Get-Service RemoteAccess | Select-Object Name, Status, StartType

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Confirm that the KB the advisory lists for your OS build appears in Get-HotFix output (or that the build reported by winver is at or above the patched build). RRAS has no separate version to check: it is patched by the monthly cumulative update for the OS.
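As an added example that is not from the advisory, a PowerShell check that puts the three verification steps together: is RRAS present and running, which RRAS ports are actually listening, and does Get-HotFix show one of the KBs the advisory lists for this build. The $PatchKBs list is an assumption you fill from the MSRC entry; the script does not know the KB numbers.

```powershell
# Added example, not from the Microsoft advisory. Reports whether this host exposes
# RRAS, which RRAS ports are listening, and whether one of the advisory's KBs is installed.
# Assumption: $PatchKBs is a placeholder you fill from the MSRC entry for your OS build.
param(
    [string[]]$PatchKBs = @()    # e.g. 'KBnnnnnnn' values from the advisory
)

$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
$os  = Get-CimInstance -ClassName Win32_OperatingSystem

# Port-based RRAS listeners (GRE for PPTP data has no port and is not visible here).
$tcpPorts = 1723, 443          # PPTP control, SSTP
$udpPorts = 500, 4500, 1701    # IKE, IPsec NAT-T, L2TP
$tcpListen = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $tcpPorts } | Select-Object -ExpandProperty LocalPort -Unique)
$udpListen = @(Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $udpPorts } | Select-Object -ExpandProperty LocalPort -Unique)

# Any KB from the list that Get-HotFix knows about.
$kbFound = @()
if ($PatchKBs.Count -gt 0) {
    $kbFound = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.HotFixID -in $PatchKBs } | Select-Object -ExpandProperty HotFixID)
}

$running   = ($null -ne $svc -and $svc.Status -eq 'Running')
$status    = if ($svc) { [string]$svc.Status }    else { 'n/a' }
$startType = if ($svc) { [string]$svc.StartType } else { 'n/a' }

# Exposed with no listed KB present: treat as vulnerable until proven otherwise.
$verdict = 'RRAS running and no listed KB found: treat as vulnerable'
if ($running -and $kbFound.Count -gt 0) { $verdict = 'RRAS running and a listed KB is installed' }
if (-not $running) { $verdict = 'RRAS not running: not exposed to this issue' }

[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    OS            = $os.Caption
    Build         = $os.BuildNumber
    RRASPresent   = ($null -ne $svc)
    RRASStatus    = $status
    RRASStartType = $startType
    ListeningTCP  = ($tcpListen -join ',')
    ListeningUDP  = ($udpListen -join ',')
    KBsFound      = ($kbFound -join ',')
    Verdict       = $verdict
}
```

The listener columns are worth more than the service status alone: a host with RemoteAccess running but nothing bound to 1723, 443, 500, 4500 or 1701 has the service up without a VPN transport configured, while a host listening on those ports is reachable by exactly the traffic this vulnerability needs.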

📡 Detection & Monitoring

Log Indicators:

  • Unusual RRAS service access patterns
  • Failed or unusual RRAS connection attempts
  • Event logs showing RRAS service errors

Network Indicators:

  • Unexpected traffic to the RRAS listeners: TCP 1723 plus GRE (IP protocol 47) for PPTP, UDP 500/4500/1701 for IKEv2 and L2TP/IPsec, TCP 443 for SSTP
  • Sessions that send malformed or incomplete setup traffic and receive unusually sized responses, since leaked memory would travel back in the service's replies

SIEM Query:

source="windows" AND (service="RemoteAccess" OR event_id=20170) AND (src_ip NOT IN allowed_networks)

Pseudo-syntax: map the field names onto your SIEM schema, and confirm the event IDs you key on against the RemoteAccess and RasMan events actually written to the System log on your RRAS hosts before relying on them.
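The same allowlist check done locally in PowerShell, as an added example that is not part of the original page: it reads RemoteAccess and RasMan events from the System log (or constructed sample events with -Sample), extracts every IPv4 address from the message text and reports the ones outside the allowlist. The allowed ranges, the two provider names and the sample event text and IDs are assumptions, not recorded RRAS output.

```powershell
# Added example, not from the Microsoft advisory. Reads RemoteAccess / RasMan events
# from the System log (or constructed samples with -Sample), pulls every IPv4 address
# out of the message text and reports the ones outside the allowlist.
# Assumptions: $AllowedNets are placeholders; 'RemoteAccess' and 'RasMan' are the
# providers RRAS logs under on your hosts; the sample events are made up.
param(
    [string[]]$AllowedNets = @('10.0.0.0/8', '192.168.0.0/16'),  # placeholder
    [int]$Hours = 24,
    [switch]$Sample
)

function ConvertTo-IPv4Number {
    param([string]$Ip)
    $b = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-IPv4InCidr {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    if (-not $bits) { $bits = 32 }                      # bare address means /32
    $mask = if ([int]$bits -eq 0) { 0 } else { (4294967295 -shl (32 - [int]$bits)) -band 4294967295 }
    return (((ConvertTo-IPv4Number $Ip) -band $mask) -eq ((ConvertTo-IPv4Number $net) -band $mask))
}

function Get-RrasEvents {
    param([int]$Hours)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'RemoteAccess', 'RasMan'         # assumption: verify on your hosts
        StartTime    = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Message = $_.Message }
    }
}

function Find-UntrustedRrasPeers {
    param([object[]]$Events, [string[]]$AllowedNets)
    $ipRx = '\b(?:\d{1,3}\.){3}\d{1,3}\b'
    foreach ($e in $Events) {
        foreach ($m in [regex]::Matches([string]$e.Message, $ipRx)) {
            $parsed = $null
            if (-not [System.Net.IPAddress]::TryParse($m.Value, [ref]$parsed)) { continue }
            $trusted = $false
            foreach ($cidr in $AllowedNets) {
                if (Test-IPv4InCidr -Ip $m.Value -Cidr $cidr) { $trusted = $true; break }
            }
            if (-not $trusted) {
                [pscustomobject]@{ Time = $e.Time; EventId = $e.Id; PeerIp = $m.Value; Message = $e.Message }
            }
        }
    }
}

# Constructed sample events (text and IDs are made up for this example).
$sampleEvents = @(
    [pscustomobject]@{ Time = Get-Date; Id = 20001; Message = 'SAMPLE: user CORP\alice connected on port VPN2-1 from 10.20.30.40' }
    [pscustomobject]@{ Time = Get-Date; Id = 20002; Message = 'SAMPLE: connection attempt from 203.0.113.77 failed authentication' }
    [pscustomobject]@{ Time = Get-Date; Id = 20003; Message = 'SAMPLE: port VPN2-3 closed, peer 198.51.100.9 sent malformed request' }
)

$events = if ($Sample) { $sampleEvents } else { @(Get-RrasEvents -Hours $Hours) }
Find-UntrustedRrasPeers -Events $events -AllowedNets $AllowedNets | Format-Table -AutoSize
```

With -Sample the two RFC 5737 documentation addresses are reported and the 10.20.30.40 peer is not. Every IPv4 address in a message is checked, so keep the VPN client address pool inside $AllowedNets or assigned addresses will be flagged alongside the real peer.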

🔗 References

  • Microsoft Security Response Center, CVE-2025-29959: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29959