Tracked as CVE-2025-59230, the flaw stems from improper access control, enabling low-privileged users to gain SYSTEM-level access.
Disclosed on October 14, 2025, the vulnerability affects multiple Windows versions and has already drawn attention from threat actors targeting enterprise environments.
The issue resides in RasMan, a core component handling remote access connections like VPNs and dial-up. An authorized local attacker can exploit weak permission checks to manipulate service configurations, bypassing standard privilege boundaries.
With a CVSS v3.1 base score of 7.8 (High severity), it requires only local access and low privileges, making it a prime target for post-compromise escalation in breaches.
Microsoft classifies it as “Exploitation Detected,” indicating real-world attacks, though specifics on affected victims remain undisclosed.
No public proof-of-concept (PoC) code has been released, but security researchers describe potential exploits involving registry manipulation or DLL injection into RasMan processes.
For instance, an attacker might leverage low-integrity processes to overwrite accessible files in the RasMan directory (e.g., C:\Windows\System32\ras), injecting malicious code that executes with elevated rights upon service restart.
This could chain with initial footholds from phishing or unpatched apps, amplifying damage in lateral movement scenarios.
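
A defensive check for the file-overwrite scenario described above, as an added example that is not part of the original article or any Microsoft guidance: a read-only PowerShell audit that lists write-capable permissions held by broad, low-privileged groups on the RasMan directory. The default directory location and the choice of groups to flag are assumptions.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumption: the default RasMan directory under %SystemRoot%.
$RasDir = Join-Path $env:SystemRoot 'System32\ras'

# Well-known SIDs of broad, low-privileged groups (locale-independent).
$LowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal replace or alter a file or its ACL.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE / GENERIC_ALL bits, which Get-Acl can return unmapped.
$GenericMask = 0x40000000 -bor 0x10000000
$SidType = [System.Security.Principal.SecurityIdentifier]

# The directory itself plus everything beneath it.
$items = @(Get-Item -LiteralPath $RasDir -Force) +
         @(Get-ChildItem -LiteralPath $RasDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        $sid = $ace.IdentityReference.Value
        $rights = [int]$ace.FileSystemRights
        if ($ace.AccessControlType -eq 'Allow' -and $LowPriv.ContainsKey($sid) -and
            ($rights -band ($WriteMask -bor $GenericMask))) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $LowPriv[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { "No write-capable ACEs for low-privileged groups under $RasDir" }

# RasMan service state, for context when reviewing findings.
Get-Service -Name RasMan | Select-Object Name, Status, StartType
```

Any row in the output is worth comparing against a known-good baseline image before it is treated as a finding.
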
To aid rapid assessment, the following table summarizes key CVE-2025-59230 metrics:
| Metric | Value | Description |
|---|---|---|
| CVSS v3.1 Base Score | 7.8 (High) | Overall severity rating |
| Attack Vector | Local (AV:L) | Requires physical or logged-in access |
| Attack Complexity | Low (AC:L) | Straightforward exploitation |
| Privileges Required | Low (PR:L) | Basic user account suffices |
| User Interaction | None (UI:N) | No victim engagement needed |
| Confidentiality/Integrity/Availability Impact | High (C:H/I:H/A:H) | Full system compromise possible |
| Exploit Maturity | Functional (E:F) | Exploits exist in the wild |
Affected systems include Windows 10 (versions 1809 and later), Windows 11, and Windows Server 2019-2025. Microsoft urges immediate patching via the October 2025 Patch Tuesday updates, emphasizing that unpatched machines face a high risk from nation-state actors or ransomware groups.
The post Windows Remote Access Connection Manager 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.