CVE-2025-33064 in Windowsinfo

Summary

by MITRE • 06/10/2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/16/2026

The heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service represents a critical security flaw that enables remote code execution when exploited by an authenticated attacker. This vulnerability specifically affects the rras.exe process which handles routing and remote access functionality within Windows operating systems. The flaw occurs when the service processes certain network requests containing malformed data that exceeds allocated buffer boundaries in heap memory management. The vulnerability falls under the Common Weakness Enumeration category CWE-121 heap-based buffer overflow, which occurs when data is written beyond the boundaries of a heap-allocated buffer. Attackers can leverage this weakness by crafting malicious network packets that trigger the overflow condition when processed by the RRAS service, potentially allowing them to execute arbitrary code with the privileges of the rras service account. The operational impact of this vulnerability is significant as it provides attackers with a pathway to compromise systems running RRAS functionality, potentially enabling lateral movement within networks, privilege escalation, or complete system takeover. The attack vector requires network access and authentication to the target system, making it more challenging to exploit but still viable in environments where attackers have network connectivity and can authenticate to the system. The vulnerability affects multiple Windows versions including Windows Server 2008, 2012, 2016, and 2019, as well as Windows 10 and 11 systems that have RRAS components installed. According to MITRE ATT&CK framework, this vulnerability maps to technique T1059.007 for remote code execution and T1078 for valid accounts as attackers must possess legitimate credentials to exploit this weakness. The exploitation process typically involves sending specially crafted packets to the RRAS service port, which then processes the malformed data and triggers the buffer overflow in heap memory, potentially leading to code execution. Organizations should implement immediate mitigations including applying security patches from Microsoft, disabling RRAS functionality if not required, implementing network segmentation to limit access to RRAS services, and monitoring for suspicious network traffic patterns that may indicate exploitation attempts. The vulnerability demonstrates the importance of proper input validation and memory management in network services, as heap-based buffer overflows remain one of the most common and dangerous classes of vulnerabilities in network infrastructure software.

Responsible

Microsoft

Disclosure

06/10/2025

Moderation

accepted

CPE

ready

EPSS

0.01140

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!