CVE-2025-59510

Summary

Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.8594affected
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.8027affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.6575affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.6575affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.6199affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.6199affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.7171affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.7171affected
MicrosoftWindows Server 2012 R26.3.9600.0 < 6.3.9600.22869affected
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.9600.0 < 6.3.9600.22869affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.8594affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.8594affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.8027affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.8027affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.4405affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.1965affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.7171affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.7171affected

Weaknesses

  • CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References