CVE-2025-49757
Published: 12 August 2025
Summary
CVE-2025-49757 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 21.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-49757 is a heap-based buffer overflow vulnerability, tracked under CWE-122, that affects the Windows Routing and Remote Access Service (RRAS). The flaw carries a CVSS 3.1 score of 8.8 and was published on 12 August 2025.
An unauthorized attacker can exploit the issue over a network with no privileges required and only user interaction needed, resulting in arbitrary code execution that impacts confidentiality, integrity, and availability.
The associated Microsoft Security Response Center advisory is available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49757. The EPSS score remains low and flat at 0.0113 with no observed rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24360
Vulnerability details
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in RRAS service directly enables remote code execution over the network without authentication.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the heap-based buffer overflow in Windows RRAS by requiring timely installation of vendor patches as specified in Microsoft's advisory.
Implements memory protection safeguards such as DEP and ASLR that directly mitigate heap-based buffer overflow exploits leading to remote code execution.
Requires validation of network inputs to RRAS to prevent malformed data from triggering the heap buffer overflow vulnerability.