CVE-2025-29961

6.5 MEDIUM

📋 TL;DR

An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthenticated attackers to read sensitive memory contents over the network. This affects Windows systems with RRAS enabled, potentially exposing system information or credentials. The vulnerability requires network access to the RRAS service.

💻 Affected Systems

Products:
  • Windows Routing and Remote Access Service (RRAS)
Versions: Specific Windows versions as listed in Microsoft advisory
Operating Systems: Windows Server, Windows Client versions with RRAS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when RRAS is enabled and configured. Default Windows installations typically do not have RRAS enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive memory contents including credentials, encryption keys, or other system information, leading to privilege escalation or lateral movement.

🟠 Likely Case

Information disclosure of system memory contents, potentially revealing configuration details or partial data that could aid further attacks.

🟢 If Mitigated

Limited information disclosure with no direct code execution, but still providing reconnaissance value to attackers.

🌐 Internet-Facing: MEDIUM - RRAS services exposed to the internet could be targeted, but requires specific service configuration.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this for reconnaissance and information gathering within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to the RRAS service and understanding of the specific memory layout.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update for specific KB number

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29961

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft.
2. Ensure the RRAS service is restarted after patching.
3. Verify the patch is applied using Windows Update history.

🔧 Temporary Workarounds

Disable RRAS Service (Windows)

Temporarily disable the Routing and Remote Access Service if it is not required:

sc config RemoteAccess start= disabled
net stop RemoteAccess

Network Segmentation (Windows)

Restrict network access to the RRAS service using firewall rules. PPTP uses TCP 1723, L2TP uses UDP 1701, and GRE is IP protocol 47 (not a TCP port), so each needs its own rule:

netsh advfirewall firewall add rule name="Block RRAS PPTP" dir=in action=block protocol=TCP localport=1723
netsh advfirewall firewall add rule name="Block RRAS L2TP" dir=in action=block protocol=UDP localport=1701
netsh advfirewall firewall add rule name="Block RRAS GRE" dir=in action=block protocol=47

🧯 If You Can't Patch

  • Disable RRAS service if not essential for business operations
  • Implement strict network access controls to limit exposure to RRAS service

🔍 How to Verify

Check if Vulnerable:

Check whether the RRAS (RemoteAccess) service is installed and running, and compare the Windows version against the patched versions listed in the Microsoft advisory.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that the Windows Update history contains the relevant security update and that the RRAS service has been restarted since it was installed.
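The verification steps above, combined into one host-side check as an added example (not part of the original advisory). It assumes a placeholder KB id; substitute the KB number given in the MSRC advisory for this CVE.

```powershell
# Added example: assess a host's exposure to CVE-2025-29961.
# Assumption: $Kb is a placeholder; replace it with the KB id from the MSRC advisory.
$Kb = 'KB<from-MSRC-advisory>'

# 1. Is the RRAS service present, and is it running or set to start automatically?
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output 'RemoteAccess service not present: host is not exposed to this issue.'
} else {
    Write-Output ("RemoteAccess service: Status={0} StartType={1}" -f $svc.Status, $svc.StartType)
}

# 2. Which RRAS listeners are actually open? PPTP is TCP 1723, L2TP is UDP 1701.
#    GRE is IP protocol 47 and has no port, so it cannot appear in these listings.
Get-NetTCPConnection -State Listen -LocalPort 1723 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-NetUDPEndpoint -LocalPort 1701 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 3. OS edition and build, for comparison against the affected versions in the advisory.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Output ("OS: {0} build {1}" -f $os.Caption, $os.BuildNumber)

# 4. Has the fixing update been installed? Get-HotFix reads the installed-updates list.
if (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue) {
    Write-Output "$Kb is installed; restart RemoteAccess if it has not been restarted since."
} else {
    Write-Output "$Kb not found in installed updates: treat this host as unpatched."
}
```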

📡 Detection & Monitoring

Log Indicators:

  • Unusual RRAS service access attempts
  • RRAS service crashes or errors in Event Viewer

Network Indicators:

  • Unusual network traffic to RRAS ports and protocols (TCP 1723, UDP 1701, IP protocol 47/GRE)
  • Multiple connection attempts to RRAS service

SIEM Query:

source="windows" AND (event_id=4625 OR event_id=4776) AND service_name="RemoteAccess"
