vulnerability
Microsoft Windows: CVE-2025-49688: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Jul 8, 2025 | Jul 8, 2025 | May 8, 2026 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Jul 8, 2025
Added
Jul 8, 2025
Modified
May 8, 2026
Description
Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Solutions
microsoft-windows-windows_server_2012_r2-kb5062597microsoft-windows-windows_server_2016-1607-kb5062560microsoft-windows-windows_server_2019-1809-kb5062557microsoft-windows-windows_server_2022-21h2-kb5062572microsoft-windows-windows_server_2022-22h2-kb5062572microsoft-windows-windows_server_2022-23h2-kb5062570microsoft-windows-windows_server_2025-24h2-kb5062553
References
- CVE-2025-49688
- https://attackerkb.com/topics/CVE-2025-49688
- CWE-415
- EUVD-EUVD-2025-20636
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-20636
- https://support.microsoft.com/help/5062553
- https://support.microsoft.com/help/5062557
- https://support.microsoft.com/help/5062560
- https://support.microsoft.com/help/5062570
- https://support.microsoft.com/help/5062572
- https://support.microsoft.com/help/5062597
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.