CVE-2025-27474

EPSS 1.5%
Veröffentlicht 08.04.2025 17:23:17
Zuletzt bearbeitet 08.07.2025 19:11:07
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 10 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64

Microsoft ≫ Windows Server 2012 Version-

Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ Windows Server 2016 Version < 10.0.14393.7969

Microsoft ≫ Windows Server 2019 Version < 10.0.17763.7136

Microsoft ≫ Windows Server 2022 Version < 10.0.20348.3453

Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1551

Microsoft ≫ Windows Server 2025 Version < 10.0.26100.3775

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.5%	0.813

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27474

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-27474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27474

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-27474