CVE-2025-62549

High

Published: 09 December 2025

Published

09 December 2025

Modified

24 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0010 27.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-62549 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the untrusted pointer dereference flaw in RRAS by applying timely vendor patches.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms such as ASLR and DEP that prevent exploitation of untrusted pointer dereferences leading to RCE.

CM-7 Least Functionality partial match

prevent

Minimizes exposure by configuring systems to disable or restrict unnecessary RRAS functionality, reducing the attack surface for network-based exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

CVE-2025-62549 enables unauthenticated remote code execution via exploitation of a public-facing Windows RRAS service vulnerability.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Deeper analysisAI

CVE-2025-62549 is an untrusted pointer dereference vulnerability (CWE-822) in the Windows Routing and Remote Access Service (RRAS). Published on 2025-12-09, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables an unauthorized attacker to execute code over a network.

The vulnerability can be exploited by an unauthenticated attacker accessible over the network, requiring low attack complexity but user interaction. Successful exploitation grants remote code execution, resulting in high impacts to confidentiality, integrity, and availability within the affected system's scope.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62549 details patching information. Vicarius provides a detection script at https://www.vicarius.io/vsociety/posts/cve-2025-62549-detection-script-rce-vulnerability-in-windows-routing-and-remote-access-service and a mitigation script at https://www.vicarius.io/vsociety/posts/cve-2025-62549-mitigation-script-rce-vulnerability-in-windows-routing-and-remote-access-service for this RRAS RCE issue.

Details

CWE(s): CWE-822

Affected Products

microsoft

windows 10 1607

≤ 10.0.14393.8688 · ≤ 10.0.14393.8688

microsoft

windows 10 1809

≤ 10.0.17763.8146 · ≤ 10.0.17763.8146

microsoft

windows 10 21h2

≤ 10.0.19044.6691

microsoft

windows 10 22h2

≤ 10.0.19045.6691

microsoft

windows 11 23h2

≤ 10.0.22631.6345

microsoft

windows 11 24h2

≤ 10.0.26100.7392

microsoft

windows 11 25h2

≤ 10.0.26200.7392

microsoft

windows server 2008

all versions, r2

microsoft

windows server 2012

all versions, r2

microsoft

windows server 2016

≤ 10.0.14393.8688

+4 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-20868Same product: Microsoft Windows 10 1607

CVE-2026-20856Same product: Microsoft Windows 10 1607

CVE-2025-60724Same product: Microsoft Windows 10 1607

CVE-2025-24990Same product: Microsoft Windows 10 1607

CVE-2026-32077Same product: Microsoft Windows 10 1607

CVE-2026-27919Same product: Microsoft Windows 10 1607

CVE-2026-27920Same product: Microsoft Windows 10 1607

CVE-2025-21220Same product: Microsoft Windows 10 1607

CVE-2025-21294Same product: Microsoft Windows 10 1607

CVE-2025-50177Same product: Microsoft Windows 10 1607

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62549
Vendor Advisory · secure@microsoft.com
https://www.vicarius.io/vsociety/posts/cve-2025-62549-detection-script-rce-vulnerability-in-windows-routing-and-remote-access-service
af854a3a-2127-422b-91ae-364da2661108
https://www.vicarius.io/vsociety/posts/cve-2025-62549-mitigation-script-rce-vulnerability-in-windows-routing-and-remote-access-service
af854a3a-2127-422b-91ae-364da2661108