Windows RRAS Integer Overflow Allows Remote Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.0

Windows RRAS Integer Overflow Allows Remote Code Execution

CVE-2026-25173

Summary

An integer overflow bug in Windows RRAS can allow an authorized attacker to run malicious code on your network. This could happen if an attacker sends a specially crafted packet to a RRAS server. To protect your network, ensure you have the latest Windows updates installed and consider restricting access to RRAS as needed.

Original title

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Original description

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

nvd CVSS3.1 8.0

Vulnerability type

CWE-122 Heap-based Buffer Overflow

CWE-190 Integer Overflow

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25173

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026