CVE-2025-47955

Published Jun 10, 2025

Last updated 3 months ago

CVSS high 7.8
Windows
RasMan

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-47955 is an elevation of privilege vulnerability affecting the Windows Remote Access Connection Manager. Disclosed on June 10, 2025, as part of Microsoft's June 2025 Patch Tuesday updates, it allows an authorized attacker with local access to elevate their privileges on affected Windows systems. The vulnerability is due to improper privilege management and has a CVSS v3.1 base score of 7.8 (High). Successful exploitation could lead to a complete compromise of confidentiality, integrity, and availability of the targeted system. Microsoft has released a security update to address this vulnerability.

Description
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-269

Social media

Hype score
Not currently trending
  1. Positive Technologies helped fix a vulnerability in Windows. PT SWARM specialist Sergey Bliznyuk discovered the vulnerability CVE-2025-47955, which affected 37 Microsoft products. The vulnerabi

    @pc7ooo

    28 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Positive Technologies helped fix a vulnerability in Windows. PT SWARM specialist Sergey Bliznyuk discovered the vulnerability CVE-2025-47955, which affected 37 Microsoft products (including

    @XakepRU

    28 Jul 2025

    510 Impressions

    1 Retweet

    1 Like

    2 Bookmarks

    0 Replies

    0 Quotes

  3. The following vulnerabilities have been added to our feed: - CVE-2025-32756: multiple Fortinet products Buffer Overflow RCE - CVE-2025-47955: Windows RasMan LPE - CVE-2025-1758: Kemp LoadMaster Stack Overflow DoS https://t.co/Nw6eZdt4CA https://t.co/85uWHVU04L

    @crowdfense

    26 Jun 2025

    7113 Impressions

    7 Retweets

    35 Likes

    21 Bookmarks

    0 Replies

    2 Quotes

  4. 🔥 Microsoft fixed CVE-2025-47955, discovered by our researcher Sergey Bliznyuk! This vulnerability allows a locally authenticated attacker to elevate privileges to SYSTEM via the Windows RasMan service. 🔗 Advisory: https://t.co/4aufMgoVTl https://t.co/jobat5h1mO

    @ptswarm

    17 Jun 2025

    9127 Impressions

    43 Retweets

    125 Likes

    48 Bookmarks

    0 Replies

    1 Quote

  5. CVE-2025-47955 Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. https://t.co/GvJSNvouln

    @CVEnew

    10 Jun 2025

    172 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes
