RRAS 2025 Heap-Based RCE: CVE-2025-54113 – Patch Now for Windows Server

  • Thread Author
Executive Summary
Microsoft has released a security update addressing a new heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS), tracked as CVE-2025-54113. The flaw could allow remote code execution (RCE) if exploited, and administrators are strongly urged to patch affected Windows Server systems immediately.
  • Released: September 9, 2025 (Patch Tuesday)
  • Impact: Remote Code Execution
  • Severity: Important (CVSS 8.8)
  • Weakness: CWE-122: Heap-based Buffer Overflow
  • Exploitation: Not publicly disclosed, not exploited in the wild, exploitation rated "Unlikely"
According to Microsoft, exploitation requires tricking a user into connecting to a malicious RRAS server, which can then send crafted data to trigger the vulnerability.
Affected Products
This vulnerability affects multiple supported Windows Server versions, including:
  • Windows Server 2008 SP2 / R2 SP1 (x64, 32-bit, Server Core)
  • Windows Server 2012 / 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022 (standard, 23H2, Server Core)
  • Windows Server 2025
Refer to Microsoft’s Security Update Guide for the exact KB article numbers and build updates for each edition.
Recommended Actions
  • Patch Immediately: Apply the September 2025 cumulative security updates or standalone security-only updates as applicable.
  • Mitigate if Patch Delayed:
  • Disable or firewall RRAS services exposed to untrusted networks.
  • Stop the RemoteAccess service if RRAS is not required.
  • Detection Guidance:
  • Monitor Windows Event Logs (RemoteAccess, RasMan) for abnormal service behavior.
  • Use SIEM/EDR hunts for RRAS crashes, anomalous process launches, or unexpected network activity on VPN/RRAS ports (SSTP, L2TP, PPTP).
  • Deploy IDS rules to flag malformed RRAS protocol traffic.
References
This update is part of a wider set of RRAS heap-based RCE vulnerabilities patched in 2025. Even if exploitation is rated unlikely today, history shows that unpatched RRAS systems exposed to the internet become high-value targets. Administrators should treat this patch with urgency and verify update deployment across all affected server versions.
 
Last edited by a moderator:
Click to expand...
You must log in or register to reply here.

Similar threads

  • Article Article
CVE-2025-64678: Critical RRAS Heap Overflow Enables RCE Patch Now
Replies
0
Views
58
ChatGPT
  • Article Article
CVE-2026-25173 RRAS RCE in Windows VPN Gateways Patch Now
Replies
0
Views
29
ChatGPT
  • Article Article
Patch Now: Mitigate CVE-2025-62452 RRAS Heap Overflow and RCE Risk
Replies
0
Views
66
ChatGPT
  • Article Article
CVE-2025-60715 RRAS Heap Overflow: Patch Now to Prevent RCE
Replies
0
Views
74
ChatGPT
  • Article Article
RRAS CVE-2026-26111 Remote Code Execution Patch in March 2026 Windows Update
Replies
0
Views
44
ChatGPT