CVE-2025-60715

8.0 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows authenticated attackers to execute arbitrary code remotely. This affects Windows systems with RRAS enabled, potentially allowing attackers to gain SYSTEM privileges on vulnerable servers. Organizations using Windows servers for routing or VPN services are primarily affected.

💻 Affected Systems

Products:
  • Windows Routing and Remote Access Service (RRAS)
Versions: Windows Server 2019, Windows Server 2022, Windows 10, Windows 11 (specific versions detailed in Microsoft advisory)
Operating Systems: Windows
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when RRAS is enabled and configured. Default Windows installations typically do not have RRAS enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with SYSTEM privileges, enabling persistent backdoors, lateral movement, and data exfiltration across the network.

🟠 Likely Case

Remote code execution leading to service disruption, credential theft, and installation of malware on vulnerable RRAS servers.

🟢 If Mitigated

Limited impact due to network segmentation, proper authentication controls, and exploit prevention technologies blocking the attack.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network access and valid authentication credentials. Heap manipulation adds complexity, but buffer overflow exploitation is well understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Microsoft Security Update for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60715

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft.
2. Restart affected systems.
3. Verify that the RRAS service is running properly after patching.

🔧 Temporary Workarounds

Disable RRAS Service (Windows)

Temporarily disable the Routing and Remote Access Service if it is not required:

  sc config RemoteAccess start= disabled
  net stop RemoteAccess

Network Segmentation (all platforms)

Restrict network access to RRAS servers using firewalls.

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to RRAS servers
  • Enable exploit protection technologies like Control Flow Guard (CFG) and Data Execution Prevention (DEP)

🔍 How to Verify

Check if Vulnerable:

Check whether the RRAS service is running and compare the Windows version/build against the patched versions listed in the Microsoft advisory.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that Windows Update history shows the security patch as applied and that the RRAS service version matches the patched release.
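The two checks above (RRAS service state and patch state) combined into one PowerShell report, as an added example that is not part of this advisory or of Microsoft's guidance. It assumes the service name RemoteAccess (as in the workaround above) and uses a placeholder for the KB number, which must be taken from the Microsoft advisory.

```powershell
# Added example: report RRAS exposure and patch state for CVE-2025-60715 on the local host.
# Assumption: the vulnerable component runs as the 'RemoteAccess' service.
# Placeholder: replace with the KB number given in the Microsoft advisory for this CVE.
$KbFromAdvisory = 'KB<replace-with-advisory-KB>'

$svc = Get-Service -Name 'RemoteAccess' -ErrorAction SilentlyContinue
$os  = Get-CimInstance -ClassName Win32_OperatingSystem

# Get-HotFix reads Win32_QuickFixEngineering; it does not list every update type,
# so the build number is reported as well for a cross-check against the advisory.
$kbInstalled = [bool](Get-HotFix -Id $KbFromAdvisory -ErrorAction SilentlyContinue)

$report = [pscustomobject]@{
    Host           = $env:COMPUTERNAME
    OSName         = $os.Caption
    OSBuild        = $os.BuildNumber
    RrasPresent    = [bool]$svc
    RrasStatus     = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
    RrasStartType  = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
    PatchInstalled = $kbInstalled
}

# Verdict: an absent or disabled RRAS service means the vulnerable code path is not
# reachable; an enabled service without the advisory KB is the case that needs action.
$verdict = if (-not $svc -or $svc.StartType -eq 'Disabled') {
    'Not exposed (RRAS absent or disabled)'
} elseif ($kbInstalled) {
    'Patched (advisory KB installed)'
} else {
    'ACTION REQUIRED: RRAS enabled and advisory KB not found'
}
$report | Add-Member -NotePropertyName Verdict -NotePropertyValue $verdict
$report | Format-List
```

Run it in an elevated PowerShell session on each RRAS host; the Verdict line is what to feed into a patch-tracking ticket.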

📡 Detection & Monitoring

Log Indicators:

  • Unusual RRAS service crashes
  • Failed authentication attempts followed by successful connections
  • Process creation from RRAS service context

Network Indicators:

  • Unusual network traffic patterns to/from RRAS ports
  • Suspicious payloads in RRAS protocol communications

SIEM Query:

source="windows" AND (event_id=4625 OR event_id=4688) AND process_name="svchost.exe" AND service_name="RemoteAccess"
