Detections
Analytics

CVE-2025-59230

high

Description

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)
Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

Published: 2025-10-14

Microsoft addresses 167 CVEs in its largest Patch Tuesday to date, including three zero-day vulnerabilities, two of which were exploited in the wild.

References

https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman

https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230

https://www.theregister.com/2025/12/12/microsoft_windows_rasman_dos_0day/

https://www.bleepingcomputer.com/news/microsoft/new-windows-rasman-zero-day-flaw-gets-free-unofficial-patches/

https://latesthackingnews.com/2025/10/28/microsoft-october-patch-tuesday-is-huge-with-170-fixes/

https://securityaffairs.com/183479/security/u-s-cisa-adds-skysea-client-view-rapid7-velociraptor-microsoft-windows-and-igel-os-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.securityweek.com/microsoft-patches-173-vulnerabilities-including-exploited-windows-flaws/

https://www.infosecurity-magazine.com/news/last-windows-10-patch-tuesday-six/

https://www.helpnetsecurity.com/2025/10/15/microsoft-patch-tuesday-zero-days-cve-2025-24990-cve-2025-59230-cve-2025-47827/

https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html

https://www.cisa.gov/news-events/alerts/2025/10/14/cisa-adds-five-known-exploited-vulnerabilities-catalog

https://www.tenable.com/blog/microsofts-october-2025-patch-tuesday-addresses-167-cves-cve-2025-24990-cve-2025-59230

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230

Details

Source: Mitre, NVD

Published: 2025-10-14

Updated: 2025-12-03

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.05808