Elevation of Privilege Vulnerability in Windows Remote Access Connection Manager by Microsoft
CVE-2025-59230
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 14 October 2025
Badges
What is CVE-2025-59230?
An improper access control vulnerability in Windows Remote Access Connection Manager could allow an authorized user to elevate their privileges locally. This security flaw may enable attackers to gain unauthorized access to sensitive system resources, increasing the risk of further exploitation and data breaches. It is critical for users to ensure that their systems are up-to-date with the latest security patches to mitigate potential threats. For more details, refer to the official advisory from Microsoft.
CISA has reported CVE-2025-59230
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-59230 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21161
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8519
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7919