CVE-2025-58717

6.5 MEDIUM

📋 TL;DR

An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to read memory contents it should not have access to, potentially exposing sensitive information. This affects Windows systems with RRAS enabled, particularly those configured for VPN or routing services.

💻 Affected Systems

Products:
  • Windows Routing and Remote Access Service
Versions: Specific Windows versions as listed in Microsoft advisory
Operating Systems: Windows Server and Client versions with RRAS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when RRAS is enabled and configured. Default Windows installations typically don't have RRAS enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive memory contents including credentials, encryption keys, or other system data, leading to further compromise of the system or network.

🟠

Likely Case

Information disclosure of system memory contents, potentially revealing configuration details or partial data that could aid in further attacks.

🟢

If Mitigated

Limited information disclosure with no direct code execution or system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network access to RRAS service. No authentication needed but requires specific conditions to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update for specific KB number

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58717

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft.
2. Verify that the RRAS service is updated.
3. Restart the system if required by the update.

🔧 Temporary Workarounds

Disable RRAS if not needed

Windows

Disable Routing and Remote Access Service if it's not required for business operations

sc config RemoteAccess start= disabled
net stop RemoteAccess

Restrict network access to RRAS

Windows

Use firewall rules to limit which systems can reach the RRAS ports. The rules below block all inbound access to the three services the page names; PPTP control is TCP 1723, L2TP is UDP 1701, and GRE is IP protocol 47 (it has no port, so it cannot be listed under a TCP localport). If some clients must still reach RRAS, scope each rule with remoteip= to the untrusted ranges instead of blocking everything.

netsh advfirewall firewall add rule name="Block RRAS PPTP" dir=in action=block protocol=TCP localport=1723
netsh advfirewall firewall add rule name="Block RRAS L2TP" dir=in action=block protocol=UDP localport=1701
netsh advfirewall firewall add rule name="Block RRAS GRE" dir=in action=block protocol=47

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate RRAS systems
  • Monitor RRAS service logs for unusual activity or connection attempts

🔍 How to Verify

Check if Vulnerable:

Check if RRAS is enabled and running, then verify Windows version against patched versions in Microsoft advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Confirm in Windows Update history that the relevant security update is installed, and check the version of the RRAS service binary.
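The checks above, combined into one triage script. This is an added example, not part of the advisory or a Microsoft tool; the KB number is a placeholder to be replaced with the one from the MSRC advisory, and the function name Get-RrasExposure is hypothetical.

```powershell
# Added example: triage a host's exposure to CVE-2025-58717 (RRAS out-of-bounds read).
# PLACEHOLDER: replace with the KB number from the MSRC advisory linked above.
$KbPlaceholder = 'KB0000000'

function Get-RrasExposure {
    param([string]$Kb = $KbPlaceholder)

    # 1. Is RRAS present? The Windows service name is "RemoteAccess".
    $svc     = Get-Service -Name 'RemoteAccess' -ErrorAction SilentlyContinue
    $svcInfo = Get-CimInstance Win32_Service -Filter "Name='RemoteAccess'" -ErrorAction SilentlyContinue

    # 2. Is the fix installed? Get-HotFix lists installed updates by KB id.
    $patched = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)

    # 3. Is anything listening on the RRAS ports the advisory names?
    #    PPTP control is TCP 1723, L2TP is UDP 1701 (GRE has no port to check).
    $pptp = Get-NetTCPConnection -LocalPort 1723 -State Listen -ErrorAction SilentlyContinue
    $l2tp = Get-NetUDPEndpoint -LocalPort 1701 -ErrorAction SilentlyContinue

    # 4. Are the workaround firewall rules from the advisory in place?
    $rules = Get-NetFirewallRule -DisplayName 'Block RRAS*' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        RrasInstalled     = [bool]$svc
        RrasStatus        = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        RrasStartMode     = if ($svcInfo) { $svcInfo.StartMode } else { 'n/a' }
        PptpListening     = [bool]$pptp
        L2tpListening     = [bool]$l2tp
        FixInstalled      = $patched
        BlockRulesPresent = [bool]$rules
        # Exposed: the service is running and the fix is not installed.
        Exposed           = ([bool]$svc -and $svc.Status -eq 'Running' -and -not $patched)
    }
}

Get-RrasExposure | Format-List
```

Run it in an elevated session; Get-NetTCPConnection and Get-NetFirewallRule need administrator rights to return complete results.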

📡 Detection & Monitoring

Log Indicators:

  • Unusual RRAS service errors
  • Multiple failed connection attempts to RRAS
  • Memory access violations in system logs

Network Indicators:

  • Unusual traffic patterns to RRAS ports (1723, 1701, 47)
  • Multiple connection attempts from single sources

SIEM Query:

EventID=4625 OR EventID=4688 | where ProcessName contains "svchost" AND CommandLine contains "rras"

🔗 References
