CVE-2025-49671: Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose…

medium6.5CVSS 3.1

AVNACLPRNUIRSUCHINAN

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008_r2_service_pack_1	>= 6.1.7601.0 < 6.1.7601.27820	6.1.7601.27820
microsoft	windows_server_2008_service_pack_2	>= 6.0.6003.0 < 6.0.6003.23418	6.0.6003.23418
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012	>= 6.2.9200.0 < 6.2.9200.25573	6.2.9200.25573
microsoft	windows_server_2012_r2	>= 6.3.9600.0 < 6.3.9600.22676	6.3.9600.22676
microsoft	windows_server_2016	< 10.0.14393.8246	10.0.14393.8246
microsoft	windows_server_2016	>= 10.0.14393.0 < 10.0.14393.8246	10.0.14393.8246
microsoft	windows_server_2019	< 10.0.17763.7558	10.0.17763.7558
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.7558	10.0.17763.7558
microsoft	windows_server_2022	< 10.0.20348.3932	10.0.20348.3932
microsoft	windows_server_2022	>= 10.0.20348.0 < 10.0.20348.3932	10.0.20348.3932
microsoft	windows_server_2022_23h2	< 10.0.25398.1732	10.0.25398.1732
microsoft	windows_server_2025	< 10.0.26100.4652	10.0.26100.4652
microsoft	windows_server_2025	>= 10.0.26100.0 < 10.0.26100.4652	10.0.26100.4652
msrc	windows_server_2008_for_32-bit_systems_service_pack_2	—	—
msrc	windows_server_2008_for_x64-based_systems_service_pack_2	—	—
msrc	windows_server_2008_r2_for_x64-based_systems_service_pack_1	—	—
msrc	windows_server_2012	—	—
msrc	windows_server_2012_r2	—	—
msrc	windows_server_2016	—	—
msrc	windows_server_2019	—	—
msrc	windows_server_2022	—	—
msrc	windows_server_2022_23h2_edition	—	—
msrc	windows_server_2025	—	—