AI description
CVE-2025-59230 is a zero-day vulnerability in the Remote Access Connection Manager (RasMan) component of Windows. It stems from improper access control within the RasMan service. This vulnerability allows an authorized attacker with low privileges to elevate them to "SYSTEM" level, achieving local privilege escalation. An attacker can manipulate the RasMan process with specially crafted commands to run processes with SYSTEM privileges. CISA has added this to its "Known Exploited Vulnerabilities (KEV)" list.
- Description
- Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Improper Access Control Vulnerability
- Exploit added on
- Oct 14, 2025
- Exploit action due
- Nov 4, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-284
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/yCYMV07qCu https://t.co/m5TH6AZFMM
@dansantanna
20 Oct 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
هاجم قراصنة #ثغرة خطيرة (CVE-2025-59230) في #Windows Remote Access Connection Manager تسمح لهم بالتحكم الكامل بالنظام عبر تصعيد الصلاحيات لمستوى SYSTEM. الثغرة مستغَلة فعليًا وتتطلب و
@Infoandtech3
20 Oct 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft confirmó la explotación activa de una vulnerabilidad de elevación de privilegios en el servicio Remote Access Connection Manager (RasMan), rastreada como CVE-2025-59230, que permite a un atacante autenticado elevarse a SYSTEM en hosts afectados; el fallo fue abordado
@tpx_Security
19 Oct 2025
157 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59230 - Security Update Guide - Microsoft - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability https://t.co/uw0PsNttce
@akaclandestine
19 Oct 2025
1549 Impressions
2 Retweets
13 Likes
4 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting a 0-day vulnerability in Windows Remote Access Connection Manager in ongoing attacks. CVE: CVE-2025-59230 https://t.co/fW39mIdAb6
@DarkWebInformer
19 Oct 2025
56199 Impressions
149 Retweets
758 Likes
314 Bookmarks
10 Replies
11 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/T6PRIRimG1 https://t.co/zFpHYQTyFj
@secured_cyber
19 Oct 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch Tuesday brings 175 new CVEs, incl. 8 crit & 6 zero-days. Key alerts: CVE-2025-24990 (Agere Modem Driver), CVE-2025-59230 (RASMAN), and CVE-2025-59287 (WSUS). Watch out for the Cisco IOS/IOS XE SNMP vuln. https://t.co/3eV9FdZgfh #CyberSecurity #PatchTuesday #Infosec
@pinholedawn
18 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/JHvJE2PMei https://t.co/GECC2G5FlR
@IT_Peurico
17 Oct 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MS Patch Alert 🚨 Microsoft: 172 flaws patched, 6 ZERO-DAYS exploited! CVE-2025-59287 (9.8 Critical) CVE-2025-59230 (Active) Win10 EOL today. PATCH NOW! #CyberSecurity #ZeroDay https://t.co/TJ5BFfBnkI
@Ikram816601
17 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MS Patch Alert 🚨 Microsoft: 172 flaws patched, 6 ZERO-DAYS exploited! CVE-2025-59287 (9.8 Critical) CVE-2025-59230 (Active) Win10 EOL today. PATCH NOW! #CyberSecurity #ZeroDay https://t.co/7VKHnGfUE6
@MarkHarry439733
17 Oct 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/uRZdnuzhEC https://t.co/ZAFQu8uEBB
@pcasano
17 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆: 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟱 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗬𝗼𝘂 𝗦𝗵𝗼𝘂𝗹𝗱𝗻’𝘁 𝗠𝗶𝘀𝘀 ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-day
@Action1corp
17 Oct 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/0YDBcVkBwO https://t.co/wYyzn9LxGI
@Trej0Jass
15 Oct 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/n9sOK0EYIX https://t.co/Yey6F3y5ox
@ggrubamn
15 Oct 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/2oZtpYVPec https://t.co/nYQsIPcZam
@EAlexStark
15 Oct 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Active exploitation: Windows Remote Access Privilege Escalation (CVE-2025-59230). Patch immediately to prevent attackers gaining elevated privileges → https://t.co/cPeiikRvZO #WindowsSecurity #PatchTuesday #cybersecurity https://t.co/SrJ2ZMT68g
@rapidriskradar
15 Oct 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Two New #Windows Zero-Days Exploited! ⚠️ One affects every version ever shipped. 🛑 CVE-2025-24990 – Agere Modem Driver Privilege Escalation 🛑 CVE-2025-59230 – RasMan Elevation of Privilege 🔒 Patch now or risk full system compromise. 👉 https://t.co/N4SzKS
@vulert_official
15 Oct 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠ Microsoft patches two Windows zero-days exploited in the wild: CVE-2025-24990 (Agere ltmdm64.sys) & CVE-2025-59230 (RasMan LPE). Patch immediately, hunt for ltmdm64.sys, and follow CISA KEV guidance. #Windows #ZeroDay #InfoSec
@Wh1teCoon
15 Oct 2025
181 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/bEKrYT5wgA https://t.co/vrxgZ3r0mN
@valterpcjr
15 Oct 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24990 and CVE-2025-59230 active Windows zero days. IGEL Secure Boot bypass. All on CISA KEL. Fix by Nov 4. #Cybersecurity #WindowsZeroDay #ExploitAnalysis #PrivilegeEscalation #RasMan #SecureBootBypass #ThreatHunting #CISA #VulnerabilityResearch #IncidentResponse https:/
@CloneSystemsInc
15 Oct 2025
100 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/UlgXlDxVGu https://t.co/bVFINgfxhZ
@Art_Capella
15 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ @Microsoft “End of 10” Patch Tuesday lands with 172 fixes - including 2 exploited zero-days. This marks the final updates for #Windows10. • CVE-2025-24990 – Agere Modem driver flaw (removed entirely) • CVE-2025-59230 – RasMan exploited zero-day • CVE-2025-5
@TechNadu
15 Oct 2025
240 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploit Windows RAS Zero-Day in Active Attacks Microsoft confirms active exploitation of CVE-2025-59230, a critical zero-day flaw in Windows Remote Access Connection Manager. Disclosed on October 14, 2025, it allows attackers with limited access to escalate privileges, h
@Secwiserapp
15 Oct 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🇺🇸 🚨 BREAKING: Microsoft warns of active exploitation of critical zero-day vulnerability (CVE-2025-59230) in Windows Remote Access Connection Manager. Users urged to take immediate action. https://t.co/NqmuRIbKkO #Cybersecurity #OSINT
@OSINTMCP
15 Oct 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patch Tuesday Fixes 175 Flaws, 2 Zero-Days Actively Exploited Microsoft fixed 175 vulnerabilities, including two actively exploited zero-days (CVE-2025-24990 and CVE-2025-59230) with CVSS 7.8. CISA added them to its exploited list. The Agere Modem driver was removed, h
@Secwiserapp
14 Oct 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄: ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-days (CVE-2025-59230, CVE-2025-47827 and CVE-2025-24990) and three with PoC (CVE-2025-2884, CVE-2
@Action1corp
14 Oct 2025
128 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
**CVE-2025-59230** pertains to an **improper access control** flaw within the **Windows Remote Access Connection Manager (RASMAN)** component. This vulnerability allows an **authenticated local attacker** to **elevate privileges** on the affected system, potentially gaining
@CveTodo
14 Oct 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899"
}
],
"operator": "OR"
}
]
}
]