PT-2025-42115 · Microsoft · Windows +1
Published 2025-10-14 · Updated 2025-11-13 · CVE-2025-59230
CVSS v3.1: 7.8 (High)
Base vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to October 14, 2025
Description
An improper access control flaw exists in the Windows Remote Access Connection Manager (RasMan) component. It allows an authenticated local attacker to elevate privileges on the affected system, potentially gaining SYSTEM-level access. The issue stems from insufficient validation of user permissions when interacting with the Remote Access Connection Manager. Active exploitation of this zero-day vulnerability, identified as CVE-2025-59230, has been confirmed, with threat actors targeting enterprise environments. Reports indicate that this is the first instance of a vulnerability in RasMan being exploited as a zero-day.
Recommendations
Update all systems to the version released on or after October 14, 2025.
Run a 30-day retroactive security audit.
Fix
LPE
Improper Access Control
Weakness Enumeration
Related Identifiers
BDU:2025-12964
CVE-2025-59230
Affected Products
Windows
Rasman
References · 64
- https://bdu.fstec.ru/vul/2025-12964 · Security Note
- https://safe-surf.ru/specialists/bulletins-nkcki/725769 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-59230 · Security Note
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230 · Vendor Advisory
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-59230 · Vendor Advisory
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59230 · Security Note
- https://twitter.com/xiParas/status/1979618747712180549 · Twitter Post
- https://twitter.com/grok/status/1978448635575906465 · Twitter Post
- https://reddit.com/r/ImpMSNews/comments/1o73mva/last_patch_for_windows_10_with_kb5066791_and_5 · Reddit Post
- https://twitter.com/valterpcjr/status/1978458452340146673 · Twitter Post
- https://reddit.com/r/EnterpriseAIBrowser/comments/1o914u7/cybersecurity_roundup_oct_1217_2025_ai_browser · Reddit Post
- https://twitter.com/CloneSystemsInc/status/1978429611609375018 · Twitter Post
- https://t.me/avleonovcom/1593 · Telegram Post
- https://twitter.com/Secwiserapp/status/1978358820754911735 · Twitter Post