← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-59230 — Actively Exploited: Windows (Microsoft)

Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.

CVE IDCVE-2025-59230
VendorMicrosoft
ProductWindows
Vulnerability nameMicrosoft Windows Improper Access Control Vulnerability
Date added2025-10-14
Remediation due2025-11-04
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionMicrosoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →