Recent RRAS Vulnerabilities in Windows: Protect Your Systems in 2025

As of July 8, 2025, there is no publicly available information regarding a vulnerability identified as CVE-2025-49729 affecting the Windows Routing and Remote Access Service (RRAS). It's possible that this CVE has not been disclosed or documented in public databases.
However, there have been recent vulnerabilities in RRAS that have been documented:

• CVE-2025-33064: This is a heap-based buffer overflow vulnerability in RRAS that allows an authenticated attacker to execute code over a network. An attacker could send a specially crafted protocol message to an RRAS server, potentially leading to remote code execution on the server machine. Microsoft has released patches to address this issue. (bleepingcomputer.com)
• CVE-2025-33066: Another heap-based buffer overflow in RRAS, this vulnerability allows an unauthenticated attacker to execute code over a network. An attacker could send a specially crafted protocol message to an RRAS server, which could lead to remote code execution on the server machine. Patches have been released by Microsoft to mitigate this vulnerability. (bleepingcomputer.com)

Given the critical nature of these vulnerabilities, it's essential to ensure that all systems running RRAS are updated with the latest security patches. Regularly monitoring official Microsoft security advisories and the National Vulnerability Database (NVD) is recommended to stay informed about any new vulnerabilities and their mitigations.

---

Source: MSRC Security Update Guide - Microsoft Security Response Center