CVE-2025-29958

Опубликовано: 13 мая 2025

Источник: msrc

CVSS3: 6.5

EPSS Низкий

Описание

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

FAQ

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5058430 5058454	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5058430 5058454	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5058449 5058429	Monthly Rollup Security Only
Windows Server 2012	5058451	Monthly Rollup
Windows Server 2012 (Server Core installation)	5058451	Monthly Rollup
Windows Server 2012 R2	5058403	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5058403	Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Unlikely

DOS

N/A

EPSS

Процентиль: 42%

0.00198

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-29958

CVSS3: 6.5

nvd

около 1 месяца назад

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

GHSA-gfrm-669r-42x9

CVSS3: 6.5

github

около 1 месяца назад

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

BDU:2025-05579

CVSS3: 6.5

fstec

около 1 месяца назад

Уязвимость службы маршрутизации и удаленного доступа Windows RRAS операционной системы Windows, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 42%

0.00198

Низкий

6.5 Medium

CVSS3