🟢 CVE-2025-59230

CVE-2025-59230 is a local privilege escalation vulnerability in Windows Remote Access Connection Manager caused by improper access control (CWE-284). The CVSS vector specifies AV:L (local attack vector): an authorized attacker must already be authenticated on the machine, so the flaw is not directly exploitable over the internet.

Risk Level: LOW_RISK

CVSS Score: 7.8

Attack Vector: LOCAL

ATT&CK Tactic: Privilege Escalation

ATT&CK Technique: T1068 - Exploitation for Privilege Escalation

Deployment Risk: N/A

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-10-14

Added to CISA KEV: 2025-10-14 (0 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-59230 is a high-severity security vulnerability affecting the Windows Remote Access Connection Manager (RasMan) service. Below is a summary of the known details regarding this flaw:

Vulnerability Overview
  • Description: The vulnerability is an improper access control flaw within the Windows Remote Access Connection Manager (RasMan) service [1].
  • Impact: Successful exploitation allows an attacker to elevate their privileges locally to `SYSTEM` level, granting them full control over the affected system [2].
  • CVSS Score: 7.8 (High) [3].
Exploitation and Threat Landscape
  • Active Exploitation: Microsoft confirmed that this vulnerability was being actively exploited in the wild [4].
  • Attack Requirements:
      • Local Access: The attack must be performed locally on the target machine [1].
      • Authorization: The attacker must already have some level of authorized access to the system to initiate the exploit [1].
  • Usage: While active exploitation was confirmed, specific details regarding the use of this vulnerability in widespread ransomware campaigns or specific targeted attacks were not widely publicized at the time of its disclosure in October 2025 [3].
  • Proof-of-Concept: As is common with actively exploited zero-days, security researchers and threat intelligence firms analyzed the flaw, but public, weaponized exploit code is generally restricted to prevent further abuse.
Affected Products and Mitigation
  • Affected Versions: The vulnerability affects every supported release of Windows and Windows Server [2].
  • Patch Status: Microsoft documented and addressed this vulnerability as part of the October 14, 2025, security update cycle [4].
  • Recommendation: Organizations and users are advised to ensure all Windows systems are fully patched with the updates released on or after October 14, 2025, to mitigate the risk of privilege escalation.

Sources

  1. CVE-2025-59230 Detail - NVD

    Description. Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. Metrics. CVSS ...

  2. Two New Windows Zero-Days Exploited in the Wild - One Affects Every ...

    CVE-2025-59230 (CVSS score: 7.8) - Windows Remote Access Connection Manager (RasMan) Elevation of Privilege Vulnerability Microsoft said both issues could allow attackers to execute code with elevated privileges, although there are currently no indications on how they are being exploited and how wid…

  3. CVE-2025-59230 and CVE-2025-24990 Vulnerabilities - SOC Prime

    CVE-2025-59230 affects every supported release of Windows and Windows Server, allowing attackers to gain SYSTEM-level privileges, thereby ...

  4. Patch Alert: CVE-2025-59230 RasMan Local Privilege Escalation in ...

    Microsoft documented CVE-2025-59230 in the October 14, 2025 update cycle and confirmed active exploitation; multiple independent trackers and vendor analyses corroborated the vendor assessment and urgency. Why RasMan matters to defenders RasMan typically runs with elevated privileges and mediates pr…