CVE-2025-33064

Q: What is the severity of CVE-2025-33064?

CVE-2025-33064 has a CVSS score of 8.8 (HIGH). A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows authenticated attackers to execute arbitrary code remotely. This affects Windows systems with RRAS enabled, potentially leading to full system compromise. Network administrators and organizations using Windows routing features are primarily at risk.

8.8 HIGH

Remote Code Execution Buffer Overflow

📋 TL;DR

A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows authenticated attackers to execute arbitrary code remotely. This affects Windows systems with RRAS enabled, potentially leading to full system compromise. Network administrators and organizations using Windows routing features are primarily at risk.

💻 Affected Systems

Products:

Windows Routing and Remote Access Service

Versions: Specific Windows versions to be confirmed via Microsoft advisory

Operating Systems: Windows Server and possibly Windows client versions with RRAS

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when RRAS is enabled and configured. Default Windows installations typically have RRAS disabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with SYSTEM privileges, lateral movement across the network, and persistent backdoor installation.

🟠

Likely Case

Remote code execution leading to data theft, ransomware deployment, or network reconnaissance from compromised systems.

🟢

If Mitigated

Limited impact due to network segmentation, strict authentication requirements, and disabled RRAS on non-essential systems.

🌐 Internet-Facing: HIGH if RRAS is exposed to the internet, as authenticated attackers can exploit remotely.

🏢 Internal Only: HIGH for internal networks where attackers have obtained valid credentials or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires network access and valid authentication. Heap manipulation adds complexity but buffer overflow exploitation is well-understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be specified in Microsoft's security update

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33064

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft
2. Ensure RRAS service is restarted after patching
3. Verify patch installation via Windows Update history

🔧 Temporary Workarounds

Disable RRAS Service

windows

Temporarily disable Routing and Remote Access Service if not required

sc config RemoteAccess start= disabled
net stop RemoteAccess

Network Segmentation

all

Isolate RRAS servers from critical network segments

🧯 If You Can't Patch

Implement strict network access controls to limit RRAS exposure
Enable enhanced authentication requirements for RRAS access

🔍 How to Verify

Check if Vulnerable:

Check if RRAS service is running and compare Windows version against affected versions in Microsoft advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update installed the security patch and check RRAS service version

📡 Detection & Monitoring

Log Indicators:

Unusual RRAS service crashes
Multiple authentication failures followed by successful RRAS access
Suspicious process creation from RRAS service

Network Indicators:

Abnormal network traffic patterns from RRAS servers
Unexpected outbound connections from RRAS systems

SIEM Query:

EventID:4625 (failed logon) AND ServiceName:RemoteAccess OR EventID:7034 (service crash) AND ServiceName:RemoteAccess

📊 Metadata

CVE ID: CVE-2025-33064

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-122

EPSS Score: 0.14% exploit probability (34.5th percentile)

Published: June 10, 2025

Last Updated: July 10, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33064 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable RRAS Service

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities