CVE Alert: CVE-2025-59230 – Microsoft – Windows 10 Version 1809

CVE-2025-59230

HIGH | Exploitation active

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVSS v3.1 (7.8)
Vendor
Microsoft
Product and affected versions ("lt" = less than)
  • Windows 10 Version 1809: 10.0.17763.0 lt 10.0.17763.7919
  • Windows Server 2019: 10.0.17763.0 lt 10.0.17763.7919
  • Windows Server 2019 (Server Core installation): 10.0.17763.0 lt 10.0.17763.7919
  • Windows Server 2022: 10.0.20348.0 lt 10.0.20348.4294
  • Windows 10 Version 21H2: 10.0.19044.0 lt 10.0.19044.6456
  • Windows 11 version 22H2: 10.0.22621.0 lt 10.0.22621.6060
  • Windows 10 Version 22H2: 10.0.19045.0 lt 10.0.19045.6456
  • Windows Server 2025 (Server Core installation): 10.0.26100.0 lt 10.0.26100.6899
  • Windows 11 Version 25H2: 10.0.26200.0 lt 10.0.26200.6899
  • Windows 11 version 22H3: 10.0.22631.0 lt 10.0.22631.6060
  • Windows 11 Version 23H2: 10.0.22631.0 lt 10.0.22631.6060
  • Windows Server 2022, 23H2 Edition (Server Core installation): 10.0.25398.0 lt 10.0.25398.1913
  • Windows 11 Version 24H2: 10.0.26100.0 lt 10.0.26100.6899
  • Windows Server 2025: 10.0.26100.0 lt 10.0.26100.6899
  • Windows 10 Version 1507: 10.0.10240.0 lt 10.0.10240.21161
  • Windows 10 Version 1607: 10.0.14393.0 lt 10.0.14393.8519
  • Windows Server 2016: 10.0.14393.0 lt 10.0.14393.8519
  • Windows Server 2016 (Server Core installation): 10.0.14393.0 lt 10.0.14393.8519
  • Windows Server 2008 Service Pack 2: 6.0.6003.0 lt 6.0.6003.23571
  • Windows Server 2008 Service Pack 2 (Server Core installation): 6.0.6003.0 lt 6.0.6003.23571
  • Windows Server 2008 R2 Service Pack 1: 6.1.7601.0 lt 6.1.7601.27974
  • Windows Server 2008 R2 Service Pack 1 (Server Core installation): 6.1.7601.0 lt 6.1.7601.27974
  • Windows Server 2012: 6.2.9200.0 lt 6.2.9200.25722
  • Windows Server 2012 (Server Core installation): 6.2.9200.0 lt 6.2.9200.25722
  • Windows Server 2012 R2: 6.3.9600.0 lt 6.3.9600.22824
  • Windows Server 2012 R2 (Server Core installation): 6.3.9600.0 lt 6.3.9600.22824
CWE
CWE-284: Improper Access Control
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Published
2025-10-14T17:01:43.397Z
Updated
2025-10-14T18:49:15.232Z

AI Summary Analysis

Risk verdict

Why this matters

Most likely attack path

Who is most exposed

Detection ideas

  • Logs showing new or modified services related to the Remote Access Connection Manager (RACM).
  • Privilege-escalation indicators in Windows event logs (unusual 4688 process-creation events; 4670 permission-change and 7045 service-installation events).
  • Anomalous process trees starting from RACM-related binaries with SYSTEM token usage.
  • Hosts not patched to the identified version ranges; gaps in cumulative updates.
  • Unexpected RPC/remote-access activity from non-administrative accounts.

Mitigation and prioritisation

  • Apply the latest available security updates that address this vulnerability; verify patch coverage on all affected platforms.
  • If patching is not feasible, implement compensating controls: restrict local logon rights, enforce least privilege, disable unnecessary RACM features, and tighten firewall/RPC access to remote endpoints.
  • Validate remediation via targeted testing and monitor for privilege-escalation attempts post-patch.
  • Change-management: inventory affected hosts, track patching, and enforce timely rollout.
  • If KEV is confirmed or EPSS ≥ 0.5, treat as priority 1. If not, proceed as high priority with rapid deployment.
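
To verify patch coverage against the version ranges listed above, the following added example (not part of the original alert) classifies the builds in a host inventory. It assumes the inventory supplies the full four-part OS build string; the host names and sample builds are constructed, and the function names are hypothetical.

```python
# Added example: classify Windows builds against the version ranges listed for CVE-2025-59230.
import re

# First fixed revision per build branch, copied from the affected-version ranges above.
FIXED_REVISION = {
    "10.0.10240": 21161, "10.0.14393": 8519, "10.0.17763": 7919,
    "10.0.19044": 6456, "10.0.19045": 6456, "10.0.20348": 4294,
    "10.0.22621": 6060, "10.0.22631": 6060, "10.0.25398": 1913,
    "10.0.26100": 6899, "10.0.26200": 6899,
    "6.0.6003": 23571, "6.1.7601": 27974, "6.2.9200": 25722, "6.3.9600": 22824,
}

BUILD_RE = re.compile(r"^(\d+\.\d+\.\d+)\.(\d+)$")

def classify(build):
    """Return 'vulnerable', 'patched', 'unlisted' or 'invalid' for a build string."""
    m = BUILD_RE.match(build.strip())
    if not m:
        return "invalid"  # truncated or malformed inventory value
    branch, revision = m.group(1), int(m.group(2))
    fixed = FIXED_REVISION.get(branch)
    if fixed is None:
        return "unlisted"  # branch not in the alert: review by hand, do not assume safe
    return "vulnerable" if revision < fixed else "patched"

def unpatched_hosts(inventory):
    """Map host -> status for every host that is not confirmed patched."""
    statuses = {host: classify(build) for host, build in inventory.items()}
    return {host: s for host, s in statuses.items() if s != "patched"}

# Constructed inventory (hypothetical hosts and builds), e.g. exported from an asset database.
SAMPLE_INVENTORY = {
    "ws-001": "10.0.19045.6456",
    "ws-002": "10.0.19045.5011",
    "srv-db1": "10.0.20348.4294",
    "srv-old": "6.3.9600.21620",
    "lab-7": "10.0.18363.1556",
    "kiosk-3": "19045",
}

if __name__ == "__main__":
    for host, status in sorted(unpatched_hosts(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status} ({SAMPLE_INVENTORY[host]})")
```

Hosts reported as unlisted or invalid need manual follow-up; only a build at or above the fixed revision for its branch counts as patched.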
