CVE-2025-62549
Published: 09 December 2025
Summary
CVE-2025-62549 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-62549 is an untrusted pointer dereference vulnerability (CWE-822) in the Windows Routing and Remote Access Service (RRAS). Published on 2025-12-09, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables an unauthorized attacker to execute code over a network.
The vulnerability can be exploited by an unauthenticated attacker accessible over the network, requiring low attack complexity but user interaction. Successful exploitation grants remote code execution, resulting in high impacts to confidentiality, integrity, and availability within the affected system's scope.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62549 details patching information. Vicarius provides a detection script at https://www.vicarius.io/vsociety/posts/cve-2025-62549-detection-script-rce-vulnerability-in-windows-routing-and-remote-access-service and a mitigation script at https://www.vicarius.io/vsociety/posts/cve-2025-62549-mitigation-script-rce-vulnerability-in-windows-routing-and-remote-access-service for this RRAS RCE issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-202246
Vulnerability details
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-62549 enables unauthenticated remote code execution via exploitation of a public-facing Windows RRAS service vulnerability.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the untrusted pointer dereference flaw in RRAS by applying timely vendor patches.
Implements memory protection mechanisms such as ASLR and DEP that prevent exploitation of untrusted pointer dereferences leading to RCE.
Minimizes exposure by configuring systems to disable or restrict unnecessary RRAS functionality, reducing the attack surface for network-based exploitation.