Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.0
Windows RRAS Integer Overflow Allows Remote Code Execution
CVE-2026-25172
Summary
An integer overflow in Windows RRAS can be exploited by an attacker to run malicious code on a network. This means an attacker can potentially take control of a server or system. To protect your network, ensure you're running the latest updates for Windows and RRAS.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| microsoft | windows_server_2012 | All versions | – |
| microsoft | windows_server_2012 | r2 | – |
| microsoft | windows_server_2016 | <= 10.0.14393.8957 | – |
| microsoft | windows_server_2019 | <= 10.0.17763.8511 | – |
| microsoft | windows_server_2022 | <= 10.0.20348.4830 | – |
| microsoft | windows_server_2022_23h2 | <= 10.0.25398.2207 | – |
| microsoft | windows_server_2025 | <= 10.0.26100.32463 | – |
Original title
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Original description
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
nvd CVSS3.1
8.8
Vulnerability type
CWE-122
Heap-based Buffer Overflow
CWE-190
Integer Overflow
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026