cve 2026 25173

CVE-2026-25173 is a high-severity remote code execution vulnerability in the Windows Routing and Remote Access Service (RRAS), caused by an integer overflow or wraparound. Published on March 10, 2026, it carries a CVSS v3.1 base score of 8.0. The flaw affects Windows VPN gateways, potentially allowing an attacker to execute arbitrary code remotely without authentication. Microsoft has released security patches to address CVE-2026-25173, and administrators are urged to apply updates immediately. Discussions on WindowsForum.com focus on the technical details of the integer overflow, affected systems, and mitigation steps for enterprise environments relying on RRAS for VPN connectivity.