CVE-2025-59230 · HIGH 7.8 · CISA KEV · EPSS p83.4%

CVE-2025-59230: Microsoft Windows Improper Access Control Vulnerability

Microsoft / Windows

Description

Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.

Scoring

CVSS 3.1: 7.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.61% probability of exploitation · percentile 83.4% · 2026-06-18T12:00:27Z
Published: 2025-10-14
Last modified: 2025-12-03

CISA KEV entry

Added to KEV: 2025-10-14

Underlying weaknesses · 1

CWE-284

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230
  2. https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman
  3. https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230

1

Type | Target | Confidence | Tier
Weakness | Improper Access Control (cwe-284) | 0% | live

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Microsoft Windows Improper Access Control Vulnerability (kev-cve-2025-59230) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Microsoft Windows Improper Privilege Management Vulnerability
CVE: CVE-2025-33067
CVE: Microsoft Windows SMB Client Improper Access Control Vulnerability
CVE: CVE-2025-53795
CVE: CVE-2026-26119
CVE: CVE-2026-42829
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.