CVE-2025-27474

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Description

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

INFO

Published Date :

2025-04-08T17:23:17.313Z

Last Modified :

2026-02-13T19:32:34.109Z

Source :

microsoft

AFFECTED PRODUCTS

The following products are affected by CVE-2025-27474 vulnerability.

Vendors	Products
Microsoft	Windows Server 2008 Windows Server 2008 R2 Windows Server 2008 Sp2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2 Windows Server 2025 Windows Server 23h2

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27474.

URL	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27474

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact