Tracked as CVE-2025-59230, the flaw stems from improper access control, enabling low-privileged users to gain SYSTEM-level access.
Disclosed on October 14, 2025, the vulnerability affects multiple Windows versions and has already drawn attention from threat actors targeting enterprise environments.
The issue resides in RasMan, a core component handling remote access connections like VPNs and dial-up. An authorized local attacker can exploit weak permission checks to manipulate service configurations, bypassing standard privilege boundaries.
With a CVSS v3.1 base score of 7.8 (High severity), it requires only local access and low privileges, making it a prime target for post-compromise escalation in breaches.
Microsoft classifies it as “Exploitation Detected,” indicating real-world attacks, though specifics on affected victims remain undisclosed.
No public proof-of-concept (PoC) code has been released, but security researchers describe potential exploits involving registry manipulation or DLL injection into RasMan processes.
For instance, an attacker might leverage low-integrity processes to overwrite accessible files in the RasMan directory (e.g., C:WindowsSystem32ras), injecting malicious code that executes with elevated rights upon service restart.
This could chain with initial footholds from phishing or unpatched apps, amplifying damage in lateral movement scenarios.
To aid rapid assessment, the following table summarizes key CVE-2025-59230 metrics:
| Metric | Value | Description |
|---|---|---|
| CVSS v3.1 Base Score | 7.8 (High) | Overall severity rating |
| Attack Vector | Local (AV:L) | Requires physical or logged-in access |
| Attack Complexity | Low (AC:L) | Straightforward exploitation |
| Privileges Required | Low (PR:L) | Basic user account suffices |
| User Interaction | None (UI:N) | No victim engagement needed |
| Confidentiality/Integrity/Availability Impact | High (C:H/I:H/A:H) | Full system compromise possible |
| Exploit Maturity | Functional (E:F) | Proof-of-exploits exist in wild |
Affected systems include Windows 10 (versions 1809 and later), Windows 11, and Windows Server 2019-2025. Microsoft urges immediate patching via the October 2025 Patch Tuesday updates, emphasizing that unpatched machines face a high risk from nation-state actors or ransomware groups.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Windows Remote Access Connection Manager 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
LANSING, MI (WOWO) Michigan is expanding its free pre-kindergarten initiative into home-based child care settings…
A Cursor AI coding agent powered by Anthropic’s Claude Opus 4.6 deleted the entire production…
FORT WAYNE, IND. (WOWO) Opposition is mounting to a proposed limestone quarry development in Allen…
INDIANAPOLIS, IND. (WOWO) Rural Indiana residents and state officials are confronting growing concerns over drone…
Former Assistant Commissioner Paul Raymond had no experience with the prison system when he started…
After a development handoff last year, construction will soon resume on one of the largest…
This website uses cookies.