CVE-2026-25172
Published: 10 March 2026
Summary
CVE-2026-25172 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 15.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-25172 is an integer overflow or wraparound vulnerability in the Windows Routing and Remote Access Service (RRAS). Published on 2026-03-10T18:18:31.623, it carries a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWEs 122 (Heap-based Buffer Overflow) and 190 (Integer Overflow or Wraparound).
The vulnerability allows an authorized attacker to execute code over a network. Exploitation requires low privileges (PR:L), network access (AV:N), low attack complexity (AC:L), and user interaction (UI:R), with no change in scope (S:U). Successful attacks can result in high impacts to confidentiality, integrity, and availability.
Microsoft has published an update guide with details on the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25172.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10639
Vulnerability details
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Integer overflow leading to heap buffer overflow in the RRAS remote service enables remote code execution by an authenticated network attacker (AV:N/PR:L), directly matching exploitation of remote services for unauthorized code execution and system access.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the integer overflow vulnerability in RRAS by requiring timely identification, reporting, and application of vendor-provided patches.
Implements memory protections such as ASLR and DEP that prevent successful exploitation of heap-based buffer overflows triggered by the integer overflow in RRAS.
Reduces exposure to the RRAS vulnerability by disabling or restricting unnecessary routing and remote access functionality when not required.