CVE-2025-64678 is a critical heap-based buffer overflow vulnerability in the Windows Routing and Remote Access Service (RRAS) that enables unauthenticated remote code execution over the network. Published in December 2025, this high-severity flaw is a top operational priority for organizations running the RemoteAccess role, including VPN gateways, branch concentrators, and cloud VMs with RRAS enabled. Discussions on WindowsForum.com emphasize the need for immediate patching and mitigation steps to protect exposed RRAS endpoints from exploitation.
A new, high-severity remote code execution (RCE) vulnerability has been published for the Windows Routing and Remote Access Service (RRAS): CVE-2025-64678 is a heap-based buffer overflow in RRAS that can allow an unauthenticated attacker to execute code over the network against systems running...