Improper Privilege Management in Windows Remote Access Connection Manager by Microsoft
CVE-2025-47955
Key Information:
- Vendor: Microsoft
- Status
- Vendor
- CVE Published: 10 June 2025
What is CVE-2025-47955?
CVE-2025-47955 is a vulnerability in the Remote Access Connection Manager component of Microsoft Windows. This component plays a crucial role in facilitating remote access to networks, allowing users to connect to their corporate environments securely. The vulnerability arises from improper privilege management, which can be exploited by an authorized attacker to elevate their privileges locally on the affected system. This flaw could enable attackers to gain unauthorized access to sensitive resources, modify system configurations, or execute arbitrary code, thereby severely undermining an organization's security posture.
Potential impact of CVE-2025-47955
- Unauthorized Access and Privilege Escalation: Attackers with limited access to compromised machines could leverage this vulnerability to escalate their privileges, gaining higher-level access that could lead to the manipulation of system configurations and sensitive data.
- Increased Risk of Data Breaches: By elevating their privileges, attackers could access confidential information and critical systems, increasing the likelihood of data breaches that could have severe financial and reputational consequences for organizations.
- Potential for Malware Deployment: The ability to execute arbitrary code on the affected systems can facilitate the deployment of malware, including ransomware, which could further compromise organizational data and disrupt operations.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21014
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8066
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7314
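
The build ranges above can be checked against an asset inventory. The following is an added example, not code from the original page or from Microsoft: it parses the three range lines shown here and compares builds numerically, because a string comparison would rank `10.0.17763.900` above `10.0.17763.7314`. The function names, host names and inventory builds are constructed for illustration.

```python
import re

# Ranges copied verbatim from the "Affected Version(s)" lines on this page.
AFFECTED_LINES = """\
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21014
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8066
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7314
"""

# Line layout: "<product> <first affected build> < <first fixed build>"
LINE_RE = re.compile(
    r"^(?P<product>.+?)\s+(?P<low>\d+(?:\.\d+){3})\s*<\s*(?P<fixed>\d+(?:\.\d+){3})$")


def parse_version(text):
    """Turn '10.0.17763.7314' into (10, 0, 17763, 7314) for numeric comparison."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four-part build, got {text!r}")
    return parts


def parse_ranges(lines):
    """Parse the page's range lines into (product, low, fixed) tuples."""
    ranges = []
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ranges.append((m["product"], parse_version(m["low"]),
                           parse_version(m["fixed"])))
    return ranges


def check_build(build, ranges):
    """Return (product, first_fixed_build) if low <= build < fixed, else None.

    None only means the build is outside the ranges listed here."""
    v = parse_version(build)
    for product, low, fixed in ranges:
        if low <= v < fixed:
            return product, ".".join(map(str, fixed))
    return None


if __name__ == "__main__":
    # Constructed inventory: host name -> full OS build (major.minor.build.revision).
    inventory = {"ws-legacy-01": "10.0.17763.900", "ws-patched-02": "10.0.17763.7314",
                 "ws-1607-03": "10.0.14393.8065", "ws-other-04": "10.0.19045.5000"}
    ranges = parse_ranges(AFFECTED_LINES)
    for host, build in inventory.items():
        hit = check_build(build, ranges)
        print(host, build, f"AFFECTED, update to >= {hit[1]}" if hit else "not in listed ranges")
```

A result of "not in listed ranges" covers only the three entries shown above and says nothing about other Windows versions.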