CVE-2025-53138 — Use of Uninitialized Resource in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-908 — Use of Uninitialized Resource5 documents4 sources

Severity

5.7MEDIUMNVD

EPSS

0.3%

top 49.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2012 +7 more

Timeline

PublishedAug 12

Description

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages9 packages

▶CVEListV5microsoft/windows_server_2008_service_pack_26.0.6003.0 — 6.0.6003.23471

▶CVEListV5microsoft/windows_server_2008_r2_service_pack_16.1.7601.0 — 6.1.7601.27872

▶NVDmicrosoft/windows< 10.0.14393.8330+5

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.25622

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.8330

🔴Vulnerability Details

GHSA

GHSA-78g7-jm5h-pv8q: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network↗2025-08-12

▶

CVEList

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability↗2025-08-12

▶

📋Vendor Advisories

Microsoft

Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability↗2025-08-12

▶

Microsoft

net/mlx5e: kTLS, Fix incorrect page refcounting↗2024-12-10

▶

External resources

NVD MITRE

Affected products10

Microsoft Windows Server 2008vr2

Microsoft Windows Server 2008 R2 Service Pack 1≥ 6.1.7601.0, < 6.1.7601.27872

Microsoft Windows Server 2008 Service Pack 2≥ 6.0.6003.0, < 6.0.6003.23471

Microsoft Windows Server 2012≥ 6.2.9200.0, < 6.2.9200.25622vr2

Microsoft Windows Server 2012 R2≥ 6.3.9600.0, < 6.3.9600.22725

Microsoft Windows Server 2016≥ 10.0.14393.0, < 10.0.14393.8330fixed in 10.0.14393.8330

Microsoft Windows Server 2019≥ 10.0.17763.0, < 10.0.17763.7678fixed in 10.0.17763.7678

Microsoft Windows Server 2022≥ 10.0.20348.0, < 10.0.20348.4052fixed in 10.0.20348.3989

Microsoft Windows Server 2022 23h2fixed in 10.0.25398.1791

Microsoft Windows Server 2025≥ 10.0.26100.0, < 10.0.26100.4946fixed in 10.0.26100.4851

Disclosure

PublishedAug 12, 2025