Microsoft has identified a critical zero-day vulnerability in the Windows Remote Access Connection Manager, tracked as CVE-2025-59230, which is being actively exploited by attackers. Disclosed on October 14, 2025, this flaw allows attackers with limited access to escalate privileges to the highest system level, potentially taking full control of affected systems.
The vulnerability arises from inadequate access control within the service responsible for managing remote network connections in Windows. It has a CVSS base score of 7.8, and Microsoft rates it Important, indicating significant risk. Attackers need local access to the target system, typically starting with low-level user privileges, but the exploit requires no user interaction and is relatively straightforward.
The main concern is the possibility of privilege escalation to the SYSTEM level, granting attackers the ability to manipulate data, install malware, create new admin accounts, and ensure persistent access. Microsoft confirms the existence of functional exploit code and active exploitation in real-world scenarios, although the vulnerability was not publicly disclosed before Microsoft's announcement.
This situation underscores the urgent need for organizations to apply security patches promptly. The Windows Remote Access Connection Manager is present in various Windows versions, potentially putting millions of systems at risk. Security experts advise prioritizing patching, especially for systems with multiple users or those connected to corporate networks. Monitoring for unusual privilege escalation and reviewing system logs for signs of compromise are also recommended actions.

