CVE-2025-59230

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230	Vendor Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman	Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman	Mitigation Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_10_1507:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_1507:::::::x86:*
	cpe:2.3:o:microsoft:windows_10_1607:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_1607:::::::x86:*
	cpe:2.3:o:microsoft:windows_10_1809:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_1809:::::::x86:*
	cpe:2.3:o:microsoft:windows_10_21h2::::::::
	cpe:2.3:o:microsoft:windows_10_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_23h2::::::::
	cpe:2.3:o:microsoft:windows_11_24h2::::::::
	cpe:2.3:o:microsoft:windows_11_25h2::::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x86:*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022::::::::
	cpe:2.3:o:microsoft:windows_server_2022_23h2::::::::
	cpe:2.3:o:microsoft:windows_server_2025::::::::

History

03 Dec 2025, 13:47

Type	Values Removed	Values Added
References	~~() https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman -~~	() https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman - Third Party Advisory
References	~~() https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman -~~	() https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman - Mitigation, Third Party Advisory

02 Dec 2025, 18:15

Type	Values Removed	Values Added
References		() https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman - () https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman -

Information

Published : 2025-10-14 17:16

Updated : 2025-12-03 13:47

NVD link : CVE-2025-59230

Mitre link : CVE-2025-59230

CVE.ORG link : CVE-2025-59230

JSON object : View

Products Affected

microsoft

windows_server_2019
windows_10_22h2
windows_server_2022
windows_10_1507
windows_11_23h2
windows_11_24h2
windows_server_2008
windows_11_25h2
windows_10_1607
windows_server_2016
windows_server_2012
windows_10_1809
windows_11_22h2
windows_server_2022_23h2
windows_server_2025
windows_10_21h2

CWE

CWE-284

Improper Access Control

7.8 /10