CVE-2025-59230

Published Oct 14, 2025

Last updated 4 days ago

Exploit knownCVSS high 7.8
RasMan

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59230 is a zero-day vulnerability in the Remote Access Connection Manager (RasMan) component of Windows. It stems from improper access control within the RasMan service. This vulnerability allows an authorized attacker with low privileges to elevate them to "SYSTEM" level, achieving local privilege escalation. An attacker can manipulate the RasMan process with specially crafted commands to run processes with SYSTEM privileges. CISA has added this to its "Known Exploited Vulnerabilities (KEV)" list.

Description
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Improper Access Control Vulnerability
Exploit added on
Oct 14, 2025
Exploit action due
Nov 4, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-284

Social media

Hype score
Not currently trending

  1. “Windows”da boşluqlar (CVE-2025-24990, CVE-2025-59230) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/pjHqrLsSKY

    @CERTAzerbaijan

    5 Nov 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CRITICAL: ngCERT cautions on active exploitation of Zero-Day vulnerabilities in Windows Remote Access Connection Manager (Rasman) and Windows Agere Modern Driver services dubbed (CVE-2025-59230 and CVE-2025-24990) Visit our website for more info: https://t.co/1vOpg4nH93 https://

    @ngCERTofficial

    3 Nov 2025

    109 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. URGENT ALERT: CVE-2025-59230 (CVSS 7.8) is a critical Windows vulnerability allowing full SYSTEM-level access. This privilege escalation flaw in the Remote Access Connection Manager puts your systems at high risk. Patch immediately! #CyberSecurity #Windows https://t.co/m9RSbgXpVL

    @RoelofMol

    29 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Microsoft stopped support #Windows10 on 14 Oct. No more official security patches/bug fixes/tech support Attackers quickly targeting unpatched devices. Exploits (CVE-2025-24990: modem driver & CVE-2025-59230: RasMan service) have seen attacks in the last few weeks #CyberSecu

    @a_data_0

    26 Oct 2025

    101 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-59230

    @transilienceai

    26 Oct 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Mantap alertnya, @Huntio ! Dua zero-day Windows baru dieksploit di alam liar: CVE-2025-24990 (eskalasi privilege di driver Agere modem) & CVE-2025-59230 (flaw di Remote Access Connection Manager). Komponen usang pun jadi sasaran empuk hacker! Segera patch, monitor driver

    @BJORKANISM_REAL

    25 Oct 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️ Two New Windows Zero-Days Exploited in the Wild https://t.co/McHJNHNkOw Microsoft has confirmed two actively exploited zero-day vulnerabilities: CVE-2025-24990 (a privilege escalation in the Agere modem driver present in all Windows versions) and CVE-2025-59230 (an

    @Huntio

    24 Oct 2025

    9867 Impressions

    46 Retweets

    147 Likes

    71 Bookmarks

    0 Replies

    3 Quotes

  8. 🚨 CISO Threat Brief - Oct 22, 2025 CRITICAL ALERTS: 🔴 Microsoft Zero-Days (2 exploited): • CVE-2025-24990: Windows Modem Driver privesc • CVE-2025-59230: RasMan privesc Patch NOW - 172 vulns total in Oct PT 🔴 CISA KEV (Due Nov 10): • CVE-2025-61884: Oracle EBS SS

    @drbinaryai

    23 Oct 2025

    84 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 2/ ⚙️ The first flaw, CVE-2025-59230, affects Windows Remote Access Connection Manager. It lets attackers elevate privileges locally — turning small breaches into full control. This one’s already being exploited.

    @FaheemkAnsari

    21 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/yCYMV07qCu https://t.co/m5TH6AZFMM

    @dansantanna

    20 Oct 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. هاجم قراصنة #ثغرة خطيرة (CVE-2025-59230) في #Windows Remote Access Connection Manager تسمح لهم بالتحكم الكامل بالنظام عبر تصعيد الصلاحيات لمستوى SYSTEM. الثغرة مستغَلة فعليًا وتتطلب و

    @Infoandtech3

    20 Oct 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Microsoft confirmó la explotación activa de una vulnerabilidad de elevación de privilegios en el servicio Remote Access Connection Manager (RasMan), rastreada como CVE-2025-59230, que permite a un atacante autenticado elevarse a SYSTEM en hosts afectados; el fallo fue abordado

    @tpx_Security

    19 Oct 2025

    157 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-59230 - Security Update Guide - Microsoft - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability https://t.co/uw0PsNttce

    @akaclandestine

    19 Oct 2025

    1549 Impressions

    2 Retweets

    13 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  14. Hackers are exploiting a 0-day vulnerability in Windows Remote Access Connection Manager in ongoing attacks. CVE: CVE-2025-59230 https://t.co/fW39mIdAb6

    @DarkWebInformer

    19 Oct 2025

    56199 Impressions

    149 Retweets

    758 Likes

    314 Bookmarks

    10 Replies

    11 Quotes

  15. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/T6PRIRimG1 https://t.co/zFpHYQTyFj

    @secured_cyber

    19 Oct 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Patch Tuesday brings 175 new CVEs, incl. 8 crit & 6 zero-days. Key alerts: CVE-2025-24990 (Agere Modem Driver), CVE-2025-59230 (RASMAN), and CVE-2025-59287 (WSUS). Watch out for the Cisco IOS/IOS XE SNMP vuln. https://t.co/3eV9FdZgfh #CyberSecurity #PatchTuesday #Infosec

    @pinholedawn

    18 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/JHvJE2PMei https://t.co/GECC2G5FlR

    @IT_Peurico

    17 Oct 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. MS Patch Alert 🚨 Microsoft: 172 flaws patched, 6 ZERO-DAYS exploited! CVE-2025-59287 (9.8 Critical) CVE-2025-59230 (Active) Win10 EOL today. PATCH NOW! #CyberSecurity #ZeroDay https://t.co/TJ5BFfBnkI

    @Ikram816601

    17 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. MS Patch Alert 🚨 Microsoft: 172 flaws patched, 6 ZERO-DAYS exploited! CVE-2025-59287 (9.8 Critical) CVE-2025-59230 (Active) Win10 EOL today. PATCH NOW! #CyberSecurity #ZeroDay https://t.co/7VKHnGfUE6

    @MarkHarry439733

    17 Oct 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/uRZdnuzhEC https://t.co/ZAFQu8uEBB

    @pcasano

    17 Oct 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆: 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟱 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗬𝗼𝘂 𝗦𝗵𝗼𝘂𝗹𝗱𝗻’𝘁 𝗠𝗶𝘀𝘀 ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-day

    @Action1corp

    17 Oct 2025

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/0YDBcVkBwO https://t.co/wYyzn9LxGI

    @Trej0Jass

    15 Oct 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/n9sOK0EYIX https://t.co/Yey6F3y5ox

    @ggrubamn

    15 Oct 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/2oZtpYVPec https://t.co/nYQsIPcZam

    @EAlexStark

    15 Oct 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. ⚠️Active exploitation: Windows Remote Access Privilege Escalation (CVE-2025-59230). Patch immediately to prevent attackers gaining elevated privileges → https://t.co/cPeiikRvZO #WindowsSecurity #PatchTuesday #cybersecurity https://t.co/SrJ2ZMT68g

    @rapidriskradar

    15 Oct 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨 Two New #Windows Zero-Days Exploited! ⚠️ One affects every version ever shipped. 🛑 CVE-2025-24990 – Agere Modem Driver Privilege Escalation 🛑 CVE-2025-59230 – RasMan Elevation of Privilege 🔒 Patch now or risk full system compromise. 👉 https://t.co/N4SzKS

    @vulert_official

    15 Oct 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. ⚠ Microsoft patches two Windows zero-days exploited in the wild: CVE-2025-24990 (Agere ltmdm64.sys) & CVE-2025-59230 (RasMan LPE). Patch immediately, hunt for ltmdm64.sys, and follow CISA KEV guidance. #Windows #ZeroDay #InfoSec

    @Wh1teCoon

    15 Oct 2025

    181 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/bEKrYT5wgA https://t.co/vrxgZ3r0mN

    @valterpcjr

    15 Oct 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2025-24990 and CVE-2025-59230 active Windows zero days. IGEL Secure Boot bypass. All on CISA KEL. Fix by Nov 4. #Cybersecurity #WindowsZeroDay #ExploitAnalysis #PrivilegeEscalation #RasMan #SecureBootBypass #ThreatHunting #CISA #VulnerabilityResearch #IncidentResponse https:/

    @CloneSystemsInc

    15 Oct 2025

    100 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230) https://t.co/UlgXlDxVGu https://t.co/bVFINgfxhZ

    @Art_Capella

    15 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. ⚠️ @Microsoft “End of 10” Patch Tuesday lands with 172 fixes - including 2 exploited zero-days. This marks the final updates for #Windows10. • CVE-2025-24990 – Agere Modem driver flaw (removed entirely) • CVE-2025-59230 – RasMan exploited zero-day • CVE-2025-5

    @TechNadu

    15 Oct 2025

    240 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Hackers Exploit Windows RAS Zero-Day in Active Attacks Microsoft confirms active exploitation of CVE-2025-59230, a critical zero-day flaw in Windows Remote Access Connection Manager. Disclosed on October 14, 2025, it allows attackers with limited access to escalate privileges, h

    @Secwiserapp

    15 Oct 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🇺🇸 🚨 BREAKING: Microsoft warns of active exploitation of critical zero-day vulnerability (CVE-2025-59230) in Windows Remote Access Connection Manager. Users urged to take immediate action. https://t.co/NqmuRIbKkO #Cybersecurity #OSINT

    @STRATINT_AI

    15 Oct 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Microsoft Patch Tuesday Fixes 175 Flaws, 2 Zero-Days Actively Exploited Microsoft fixed 175 vulnerabilities, including two actively exploited zero-days (CVE-2025-24990 and CVE-2025-59230) with CVSS 7.8. CISA added them to its exploited list. The Agere Modem driver was removed, h

    @Secwiserapp

    14 Oct 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄: ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-days (CVE-2025-59230, CVE-2025-47827 and CVE-2025-24990) and three with PoC (CVE-2025-2884, CVE-2

    @Action1corp

    14 Oct 2025

    128 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  36. **CVE-2025-59230** pertains to an **improper access control** flaw within the **Windows Remote Access Connection Manager (RASMAN)** component. This vulnerability allows an **authenticated local attacker** to **elevate privileges** on the affected system, potentially gaining

    @CveTodo

    14 Oct 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.