What is the severity of CVE-2025-29830?

CVE-2025-29830 has a critical severity rating due to its potential for unauthorized information disclosure over the network.

How do I fix CVE-2025-29830?

To mitigate CVE-2025-29830, you should apply the relevant patches provided by Microsoft for your affected Windows version.

What products are affected by CVE-2025-29830?

CVE-2025-29830 affects multiple Microsoft Windows products, including Windows Server 2012 R2, Windows 10, Windows Server 2016, and Windows 11.

Can CVE-2025-29830 be exploited remotely?

Yes, CVE-2025-29830 can be exploited by an unauthorized attacker through remote access.

What types of attacks can be performed using CVE-2025-29830?

The vulnerability allows attackers to disclose sensitive information over the network, which can lead to further exploits.

Vulnerability/
CVE-2025-29830

medium

6.5

CWE

908

13/5/2025

17/5/2025

CVE-2025-29830: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

First published: Tue May 13 2025(Updated: )

<p>Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.</p>

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows Server 2012 R2		fix available externally
Microsoft Windows Server		fix available externally fix available externally
Windows 10	=1607	fix available externally
Microsoft Windows Server		fix available externally fix available externally
Microsoft Windows Server 2016		fix available externally
Windows 10	=1809	fix available externally
Windows 11	=24H2	fix available externally fix available externally
Microsoft Windows Server 2022 23H2		fix available externally
Microsoft Windows Server 2008 R2		fix available externally fix available externally
Microsoft Windows Server		fix available externally
Windows 10	=1809	fix available externally
Windows 11	=23H2	fix available externally
Microsoft Windows Server 2016		fix available externally
Windows 10		fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows Server 2022		fix available externally fix available externally
Windows 11	=22H2	fix available externally
Microsoft Windows Server 2019		fix available externally
Windows 10	=22H2	fix available externally
Microsoft Windows Server 2025		fix available externally fix available externally
Microsoft Windows Server 2012 R2		fix available externally
Windows 10		fix available externally
Windows 11	=22H2	fix available externally
Microsoft Windows Server 2008 R2		fix available externally fix available externally
Microsoft Windows Server 2022		fix available externally fix available externally
Microsoft Windows Server		fix available externally fix available externally
Microsoft Windows Server 2025		fix available externally fix available externally
Windows 10	=21H2	fix available externally
Windows 10	=21H2	fix available externally
Microsoft Windows Server		fix available externally fix available externally
Windows 10	=1607	fix available externally
Windows 10	=22H2	fix available externally
Windows 10	=21H2	fix available externally
Windows 11	=23H2	fix available externally
Windows 10	=22H2	fix available externally
Microsoft Windows Server		fix available externally
Windows 11	=24H2	fix available externally fix available externally

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29830 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2025-29830?
CVE-2025-29830 has a critical severity rating due to its potential for unauthorized information disclosure over the network.
How do I fix CVE-2025-29830?
To mitigate CVE-2025-29830, you should apply the relevant patches provided by Microsoft for your affected Windows version.
What products are affected by CVE-2025-29830?
CVE-2025-29830 affects multiple Microsoft Windows products, including Windows Server 2012 R2, Windows 10, Windows Server 2016, and Windows 11.
Can CVE-2025-29830 be exploited remotely?
Yes, CVE-2025-29830 can be exploited by an unauthorized attacker through remote access.
What types of attacks can be performed using CVE-2025-29830?
The vulnerability allows attackers to disclose sensitive information over the network, which can lead to further exploits.

collector/mitre-cve
source/MITRE
collector/msrc-cve
source/Microsoft
collector/msrc
agent/references
agent/title
agent/type
agent/first-publish-date
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/source
agent/severity
agent/weakness
agent/last-modified-date
agent/tags
agent/description
agent/event
vendor/microsoft
canonical/microsoft windows server 2012 r2
canonical/microsoft windows server
canonical/windows 10
version/windows 10/1607
canonical/microsoft windows server 2016
version/windows 10/1809
canonical/windows 11
version/windows 11/24h2
canonical/microsoft windows server 2022 23h2
canonical/microsoft windows server 2008 r2
version/windows 11/23h2
canonical/microsoft windows server 2019
canonical/microsoft windows server 2022
version/windows 11/22h2
version/windows 10/22h2
canonical/microsoft windows server 2025
version/windows 10/21h2