CVE-2025-59230

HighCISA KEVActive Exploitation

Published: 14 October 2025

Published

14 October 2025

Modified

03 December 2025

KEV Added

14 October 2025

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0372 88.0th percentile

Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2025-59230 is an improper access control vulnerability (CWE-284) in the Windows Remote Access Connection Manager (RasMan) service. Published on 2025-10-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and enables local privilege escalation on affected Windows systems.

The vulnerability can be exploited by an authorized local attacker possessing low privileges. Exploitation requires low complexity and no user interaction, allowing the attacker to elevate privileges and achieve high impacts on confidentiality, integrity, and availability.

Microsoft's update guide provides details on the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230. Vicarius offers a detection script and a mitigation script tailored to this elevation of privilege issue in Windows RasMan, available at https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman and https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman, respectively.

The vulnerability appears in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230, indicating real-world exploitation.

Details

CWE(s): CWE-284
KEV Date Added: 14 October 2025

Affected Products

microsoft

windows 10 1507

≤ 10.0.10240.21161 · ≤ 10.0.10240.21161

microsoft

windows 10 1607

≤ 10.0.14393.8519 · ≤ 10.0.14393.8519

microsoft

windows 10 1809

≤ 10.0.17763.7919 · ≤ 10.0.17763.7919

microsoft

windows 10 21h2

≤ 10.0.19044.6456

microsoft

windows 10 22h2

≤ 10.0.19045.6456

microsoft

windows 11 22h2

≤ 10.0.22621.6060

microsoft

windows 11 23h2

≤ 10.0.22631.6060

microsoft

windows 11 24h2

≤ 10.0.26100.6899

microsoft

windows 11 25h2

≤ 10.0.26200.6899

microsoft

windows server 2008

all versions, r2

+6 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

CVE-2025-59230 is an improper access control vulnerability in Windows RasMan service enabling local privilege escalation, directly mapping to Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230
Vendor Advisory · secure@microsoft.com
https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman
Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman
Mitigation, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0