PT-2025-42115 · Microsoft · Rasman
Published: 2025-10-14 · Updated: 2026-01-15 · CVE-2025-59230
CVSS v3.1: 7.8 (High)
Base vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to KB5065813
Description
An improper access control issue exists in the Windows Remote Access Connection Manager (RasMan). This allows a local attacker to elevate privileges, potentially gaining SYSTEM-level access. The vulnerability involves flaws in access control and is linked to CVE-2025-59230, which was initially patched in October 2025. However, a secondary, previously unknown zero-day flaw remains unpatched, enabling exploitation through a chain of vulnerabilities. Active exploitation of this vulnerability has been confirmed, with attackers leveraging it to gain full control over affected systems. The vulnerability impacts systems running RasMan, a critical Windows service responsible for managing VPN and other remote network connections. A denial-of-service flaw has also been discovered, allowing unprivileged users to crash the RasMan service, which can be used as a stepping stone for privilege escalation. The issue has been observed to affect the functionality of the Azure VPN Client after the installation of update KB5065813.
Recommendations
Update to Windows versions with KB5065813 or later.
As a temporary workaround, consider disabling the RasMan service until a permanent fix is available.
If possible, restrict access to the RasMan service to minimize the risk of exploitation.
Fix
DoS
LPE
Improper Access Control
Weakness Enumeration
Related Identifiers
BDU:2025-12964
CVE-2025-59230
Affected Products
Windows
Rasman