CVE-2025-49671
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-15
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_server_2008 | * |
| microsoft | windows_server_2008 | * |
| microsoft | windows_server_2008 | r2 |
| microsoft | windows_server_2012 | * |
| microsoft | windows_server_2012 | r2 |
| microsoft | windows_server_2016 | to 10.0.14393.8246 (exc) |
| microsoft | windows_server_2019 | to 10.0.17763.7558 (exc) |
| microsoft | windows_server_2022 | to 10.0.20348.3932 (exc) |
| microsoft | windows_server_2022_23h2 | to 10.0.25398.1732 (exc) |
| microsoft | windows_server_2025 | to 10.0.26100.4652 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to expose sensitive information over a network, meaning that confidential data could be disclosed to someone who should not have access to it.
How can this vulnerability impact me? :
The impact of this vulnerability is the unauthorized disclosure of sensitive information, which could lead to privacy breaches, loss of confidentiality, and potential misuse of the exposed data by attackers.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could negatively affect compliance with standards like GDPR and HIPAA because it involves unauthorized exposure of sensitive information, which these regulations require to be protected to ensure privacy and data security.