CVE-2025-59230
Published: 14 October 2025
Summary
CVE-2025-59230 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 10.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-7 (Least Functionality).
Deeper analysis
CVE-2025-59230 is an improper access control vulnerability (CWE-284) in the Windows Remote Access Connection Manager (RasMan) service. Published on 2025-10-14, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and enables local privilege escalation on affected Windows systems.
The vulnerability can be exploited by an authorized local attacker holding low privileges. Exploitation is low complexity and needs no user interaction, allowing the attacker to elevate privileges and achieve high impact on confidentiality, integrity, and availability.
Microsoft's update guide provides details on the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230. Vicarius offers a detection script and a mitigation script tailored to this elevation of privilege issue in Windows RasMan, available at https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman and https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman, respectively.
The vulnerability appears in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230, indicating real-world exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-34258
Vulnerability details
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
- CWE(s): CWE-284 (Improper Access Control)
- KEV Date Added: 14 October 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-59230 is an improper access control vulnerability in Windows RasMan service enabling local privilege escalation, directly mapping to Exploitation for Privilege Escalation (T1068).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the improper access control flaw in the Windows RasMan service by requiring timely application of vendor patches for this specific CVE.
- AC-6 (Least Privilege): Enforces least privilege for local low-privilege accounts and processes, preventing or limiting successful exploitation of this local privilege escalation vulnerability.
- CM-7 (Least Functionality): Restricts the RasMan service to least functionality by disabling or configuring it only if essential for remote access, eliminating the vulnerable component's attack surface.
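As an added example that is not part of the advisory or any vendor script, the following PowerShell audits the RasMan service state on a host (which services depend on it, and which hotfixes were installed on or after the publication date) and, only when the hypothetical -Disable switch is passed, applies the CM-7 mitigation of stopping and disabling the service. It assumes an elevated session and a Windows build that exposes the StartType property on service objects; the KB number for the fix is not given on this page, so patch status must be confirmed against the Microsoft update guide entry rather than inferred from this output.

```powershell
# Added example (not from the advisory): audit RasMan and optionally apply the
# CM-7 least-functionality mitigation. Assumes an elevated PowerShell session.
# The -Disable switch name is a hypothetical choice made for this script.
param(
    [switch]$Disable
)

$svc = Get-Service -Name 'RasMan' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output 'RasMan service not present on this host.'
    return
}

# Services that depend on RasMan; disabling it will stop these as well,
# which is the operational check before deciding remote access is non-essential.
$dependents = Get-Service -Name 'RasMan' -DependentServices |
    Select-Object -ExpandProperty Name

[PSCustomObject]@{
    Service    = $svc.Name
    Status     = $svc.Status
    StartType  = $svc.StartType
    Dependents = ($dependents -join ', ')
}

# Hotfixes installed on or after the advisory's publication date. Compare this
# list against the update guide entry for CVE-2025-59230; the KB number is not
# stated on this page, so the script does not assert the host is patched.
Get-HotFix |
    Where-Object { $_.InstalledOn -ge [datetime]'2025-10-14' } |
    Select-Object HotFixID, InstalledOn

# CM-7: only when the operator has confirmed remote access is not required.
if ($Disable -and $svc.StartType -ne 'Disabled') {
    Stop-Service -Name 'RasMan' -Force
    Set-Service -Name 'RasMan' -StartupType Disabled
    Write-Output 'RasMan stopped and set to Disabled (CM-7 least functionality).'
}
```

Run it without arguments first to review the dependents list and recent hotfixes; disabling RasMan on a host that relies on VPN or dial-up connectivity will break those connections, so the audit output is the input to the decision, not a substitute for it.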