CVE-2025-54106
Published: 09 September 2025
Summary
CVE-2025-54106 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely remediation of the integer overflow flaw in RRAS through application of the Microsoft security update.
Minimizes attack surface by restricting systems to essential capabilities, such as disabling RRAS when not required.
Enforces boundary protections to monitor and control network communications, limiting exposure of RRAS to unauthorized remote attackers.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Integer overflow RCE in exposed RRAS service directly enables remote exploitation of a network-accessible Windows service without authentication.
NVD Description
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Deeper analysisAI
CVE-2025-54106 is an integer overflow or wraparound vulnerability in the Windows Routing and Remote Access Service (RRAS), published on 2025-09-09T17:15:55.707. It affects Windows systems with RRAS enabled, allowing an unauthorized attacker to execute arbitrary code over a network. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is linked to CWE-190.
Attackers can exploit this remotely without privileges by luring users into performing an action, such as interacting with a malicious network packet or resource processed by RRAS. Exploitation triggers the integer overflow, enabling code execution with RRAS service privileges, which could result in high-impact outcomes like unauthorized access, data exfiltration, system takeover, or persistence.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54106 details the issue and urges applying the released security update as the primary mitigation.
Details
- CWE(s)