MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-64678

🔴 HIGH

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Published
Dec 09, 2025
Last Modified
Dec 10, 2025
Views
12
Bookmarks
0

Description

Request Expert Review

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Affected Products (19)

microsoft - windows_10_1607

Version: *

microsoft - windows_10_1607

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_21h2

Version: *

microsoft - windows_10_22h2

Version: *

microsoft - windows_11_23h2

Version: *

microsoft - windows_11_24h2

Version: *

microsoft - windows_11_25h2

Version: *

microsoft - windows_server_2008

Version: -

microsoft - windows_server_2008

Version: -

microsoft - windows_server_2008

Version: r2

microsoft - windows_server_2012

Version: -

microsoft - windows_server_2012

Version: r2

microsoft - windows_server_2016

Version: *

microsoft - windows_server_2019

Version: *

microsoft - windows_server_2022

Version: *

microsoft - windows_server_2022_23h2

Version: *

microsoft - windows_server_2025

Version: *

CVSS Scores

CVSS 3.1 8.8
8.8
HIGH
CVSS 2.0 8.8

References

msrc.microsoft.com

Additional Information

Source
secure@microsoft.com
State
Analyzed

Related CVEs

CVE-2025-67847

HIGH

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to ins...

Score: 8.8

CVE-2025-3839

HIGH

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be...

Score: 8.0

CVE-2025-15522

MEDIUM

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scrip...

Score: 6.4

CVE-2026-0796

HIGH

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...

Score: 7.2

CVE-2026-0795

HIGH

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...

Score: 7.2

CVE-2026-0794

HIGH

ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...

Score: 8.1

Share CVE-2025-64678

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-64678 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis