CVE-2025-60715: 
vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability (CVE-2025-60715) was discovered in Windows Routing and Remote Access Service (RRAS). The vulnerability was disclosed on November 11, 2025, affecting multiple versions of Microsoft Windows operating systems including Windows 10, Windows 11, and various Windows Server editions (NVD, Rapid7).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) in the Windows Routing and Remote Access Service. Microsoft has assigned it a CVSS v3.1 base score of 8.0 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating network vector attack capability with low attack complexity requiring low privileges and user interaction (NVD).

If successfully exploited, this vulnerability allows an authorized attacker to execute code over a network, potentially leading to full system compromise with high impacts on confidentiality, integrity, and availability of the affected system (NVD).

Microsoft has released security updates to address this vulnerability across multiple affected versions. Updates are available through various KB articles including KB5068864 for Windows 10 1607, KB5068791 for Windows 10 1809, KB5068781 for Windows 10 21H2/22H2, and several others for different Windows Server versions (Rapid7).