CVE-2025-26667: Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose…

medium6.5CVSS 3.1

AVNACLPRNUIRSUCHINAN

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008_r2_service_pack_1	>= 6.1.7601.0 < 6.1.7601.27670	6.1.7601.27670
microsoft	windows_server_2008_service_pack_2	>= 6.0.6003.0 < 6.0.6003.23220	6.0.6003.23220
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012	>= 6.2.9200.0 < 6.2.9200.25423	6.2.9200.25423
microsoft	windows_server_2012_r2	>= 6.3.9600.0 < 6.3.9600.22523	6.3.9600.22523
microsoft	windows_server_2016	< 10.0.14393.7969	10.0.14393.7969
microsoft	windows_server_2016	>= 10.0.14393.0 < 10.0.14393.7969	10.0.14393.7969
microsoft	windows_server_2019	< 10.0.17763.7136	10.0.17763.7136
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.7136	10.0.17763.7136
microsoft	windows_server_2022	< 10.0.20348.3453	10.0.20348.3453
microsoft	windows_server_2022	>= 10.0.20348.0 < 10.0.20348.3453	10.0.20348.3453
microsoft	windows_server_2022_23h2	< 10.0.25398.1551	10.0.25398.1551
microsoft	windows_server_2025	< 10.0.26100.3775	10.0.26100.3775
microsoft	windows_server_2025	>= 10.0.26100.0 < 10.0.26100.3775	10.0.26100.3775
msrc	windows_server_2008_for_32-bit_systems_service_pack_2	—	—
msrc	windows_server_2008_for_x64-based_systems_service_pack_2	—	—
msrc	windows_server_2008_r2_for_x64-based_systems_service_pack_1	—	—
msrc	windows_server_2012	—	—
msrc	windows_server_2012_r2	—	—
msrc	windows_server_2016	—	—
msrc	windows_server_2019	—	—
msrc	windows_server_2022	—	—
msrc	windows_server_2022_23h2_edition	—	—
msrc	windows_server_2025	—	—