Improper Access Control in Windows Remote Access Connection Manager
CVE-2025-62474

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 9 December 2025

🔔 Create Microsoft Vulnerability Alert

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-62474?

A vulnerability in Windows Remote Access Connection Manager could allow a local attacker with authorized access to elevate their privileges. This unauthorized elevation can grant higher user permissions than intended, potentially leading to significant security risks for affected systems.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8688

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8146

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6691

News Articles

Privilege Escalation Flaw Found in Windows Remote Access Connection Manager

The vulnerabilities stem from distinct technical weaknesses in the Remote Access Connection Manager component.

3 weeks ago

thmubnail image

Windows Remote Access Connection Manager Flaws Allow Privilege Escalation

Microsoft disclosed two elevation-of-privilege vulnerabilities in Windows Remote Access Connection Manager this week, both rated Important.

3 weeks ago

thmubnail image

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Dec 12, 2025
📰
First article discovered by gbhackers.com
Dec 12, 2025
Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 14, 2025

.

CVE-2025-62474 : Improper Access Control in Windows Remote Access Connection Manager