CVE-2025-59230
Improper access control in Windows Remote Access Connection Manager allows

Publication date: 2025-10-14

Last updated on: 2025-10-15

Assigner: [email protected]

Description
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Affected Vendors & Products
Vendor Product Version
microsoft windows_remote_access_connection_manager *
microsoft windows_11_24h2 to 10.0.26100.6899 (inc)
microsoft windows_server_2008 *
microsoft windows_server_2012 *
microsoft windows_server_2012 *
microsoft windows_server_2008 *
microsoft windows_10_1507 to 10.0.10240.21161 (inc)
microsoft windows_10_1607 to 10.0.14393.8519 (inc)
microsoft windows_10_1809 to 10.0.17763.7919 (inc)
microsoft windows_server_2016 to 10.0.14393.8519 (exc)
microsoft windows_server_2019 to 10.0.17763.7919 (inc)
microsoft windows_server_2022 to 10.0.20348.4294 (inc)
microsoft windows_server_2022_23h2 to 10.0.25398.1913 (inc)
microsoft windows_server_2025 to 10.0.26100.6899 (exc)
microsoft windows_10_21h2 to 10.0.19044.6456 (inc)
microsoft windows_10_22h2 to 10.0.19045.6456 (inc)
microsoft windows_11_22h2 to 10.0.22621.6060 (inc)
microsoft windows_11_23h2 to 10.0.22631.6060 (exc)
microsoft windows_11_25h2 to 10.0.26200.6899 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?


How can this vulnerability impact me? :


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2025-10-14
CVE Last Modified Date:
2025-10-15
Report Generation Date:
2025-10-18
AI Powered Q&A Generation:
2025-10-14
EPSS Last Evaluated Date:
2025-10-16
NVD Report Link: