8.8
CVE-2025-49688
- EPSS 0.08%
- Published 08.07.2025 16:57:14
- Last modified 15.07.2025 17:32:18
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Double free in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows Server 2016 Version < 10.0.14393.8246
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.7558
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.3932
Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1732
Microsoft ≫ Windows Server 2025 Version < 10.0.26100.4652
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.251 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secure@microsoft.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.