As of July 8, 2025, there is no publicly available information regarding a vulnerability identified as CVE-2025-49676 affecting Windows Routing and Remote Access Service (RRAS). It's possible that this CVE has not been disclosed or documented in public databases.
However, several other vulnerabilities have been identified in Windows RRAS in 2025:
- CVE-2025-26676: A buffer over-read vulnerability in RRAS allows unauthorized attackers to disclose information over a network. (nvd.nist.gov)
- CVE-2025-26667: This vulnerability involves the exposure of sensitive information to unauthorized actors through RRAS, enabling information disclosure over a network. (nvd.nist.gov)
- CVE-2025-29959: A critical memory disclosure vulnerability in RRAS exposes VPN systems to memory leak exploits, potentially revealing sensitive kernel memory contents. (windowsnews.ai)
- CVE-2025-33064: A heap-based buffer overflow in RRAS allows unauthorized attackers to execute code over a network. (ameeba.com)
For the most accurate and up-to-date information on CVE-2025-49676, please refer to official sources like the Microsoft Security Response Center (MSRC) or the National Vulnerability Database (NVD).
Source: MSRC Security Update Guide - Microsoft Security Response Center
