CVE-2025-59230
Published: 14 October 2025
Summary
CVE-2025-59230 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 11.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-7 (Least Functionality).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly remediates the improper access control flaw in the Windows RasMan service by requiring timely application of the vendor patch for this specific CVE.
- AC-6 (Least Privilege): enforces least privilege for local low-privilege accounts and processes, preventing or limiting successful exploitation of this local privilege escalation vulnerability.
- CM-7 (Least Functionality): restricts the RasMan service to least functionality by disabling it, or configuring it only where remote access is essential, removing the vulnerable component's attack surface.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-59230 is an improper access control vulnerability in the Windows RasMan service that enables local privilege escalation, mapping directly to Exploitation for Privilege Escalation (T1068).
NVD Description
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Deeper analysis
CVE-2025-59230 is an improper access control vulnerability (CWE-284) in the Windows Remote Access Connection Manager (RasMan) service. Published on 2025-10-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and enables local privilege escalation on affected Windows systems.
The vulnerability can be exploited by an authorized local attacker possessing low privileges. Exploitation requires low complexity and no user interaction, allowing the attacker to elevate privileges and achieve high impacts on confidentiality, integrity, and availability.
Microsoft's update guide provides details on the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230. Vicarius offers a detection script and a mitigation script tailored to this elevation of privilege issue in Windows RasMan, available at https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman and https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman, respectively.
The vulnerability appears in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230, indicating real-world exploitation.
Details
- CWE(s): CWE-284 (Improper Access Control)
- KEV Date Added: 14 October 2025