CVE-2025-59230
HIGH KEV
Windows Remote Access Connection Manager - Privilege Escalation via Improper Access Control
Title source: llm
Exploitation Summary
CVE-2025-59230 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 14, 2025.
Description
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
References (4)
Core References
Vendor Advisory, Patch
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman
Mitigation, Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230
Scores
CVSS v3: 7.8
EPSS: 0.0447
EPSS Percentile: 89.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2025-10-14
VulnCheck KEV: 2025-10-14
ENISA EUVD: EUVD-2025-34258
CWE: CWE-284
Status: published
Products (18)
microsoft/windows_10_1507: < 10.0.10240.21161 (2 CPE variants)
microsoft/windows_10_1607: < 10.0.14393.8519 (2 CPE variants)
microsoft/windows_10_1809: < 10.0.17763.7919 (2 CPE variants)
microsoft/windows_10_21h2: < 10.0.19044.6456
microsoft/windows_10_22h2: < 10.0.19045.6456
microsoft/windows_11_22h2: < 10.0.22621.6060
microsoft/windows_11_23h2: < 10.0.22631.6060
microsoft/windows_11_24h2: < 10.0.26100.6899
microsoft/windows_11_25h2: < 10.0.26200.6899
microsoft/windows_server_2008: (2 CPE variants)
... and 8 more
Published: Oct 14, 2025
KEV Added: Oct 14, 2025
Tracked Since: Feb 18, 2026