CVE-2025-21208: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

25 ranges

Vendor	Product	Version range	Fixed in
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008_r2_service_pack_1	>= 6.1.7601.0 < 6.1.7601.27566	6.1.7601.27566
microsoft	windows_server_2008_service_pack_2	>= 6.0.6003.0 < 6.0.6003.23117	6.0.6003.23117
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012	>= 6.2.9200.0 < 6.2.9200.25317	6.2.9200.25317
microsoft	windows_server_2012_r2	>= 6.3.9600.0 < 6.3.9600.22417	6.3.9600.22417
microsoft	windows_server_2016	< 10.0.14393.7785	10.0.14393.7785
microsoft	windows_server_2016	>= 10.0.14393.0 < 10.0.14393.7785	10.0.14393.7785
microsoft	windows_server_2019	< 10.0.17763.6893	10.0.17763.6893
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.6893	10.0.17763.6893
microsoft	windows_server_2022	< 10.0.20348.3207	10.0.20348.3207
microsoft	windows_server_2022	>= 10.0.20348.0 < 10.0.20348.3207	10.0.20348.3207
microsoft	windows_server_2022_23h2	< 10.0.25398.1425	10.0.25398.1425
microsoft	windows_server_2025	< 10.0.26100.3194	10.0.26100.3194
microsoft	windows_server_2025	>= 10.0.26100.0 < 10.0.26100.3194	10.0.26100.3194
msrc	windows_server_2008_for_32-bit_systems_service_pack_2	—	—
msrc	windows_server_2008_for_x64-based_systems_service_pack_2	—	—
msrc	windows_server_2008_r2_for_x64-based_systems_service_pack_1	—	—
msrc	windows_server_2012	—	—
msrc	windows_server_2012_r2	—	—
msrc	windows_server_2016	—	—
msrc	windows_server_2019	—	—
msrc	windows_server_2022	—	—
msrc	windows_server_2022_23h2_edition	—	—
msrc	windows_server_2025	—	—