Tag: CVE-2025-59230
-
Unpatched RasMan Zero-Day Allows Local System Takeover via DoS Crash and RPC Spoofing
The 0patch team has reported that while analyzing CVE-2025-59230 in the Windows Remote Access Connection Manager (RasMan)—a flaw Microsoft addressed with its October 2025 updates—researchers uncovered a working exploit that enables local code execution as Local System from an unprivileged user account. Alongside it, however, they identified a second issue: the exploit relied on a…
-
Windows RasMan Zero-Day: New DoS Flaw Crashes Service, Unofficial Fix Available
A newly discovered flaw in the Windows Remote Access Connection Manager (RasMan) service allows the operating system to be disrupted without administrative privileges. A free, unofficial fix is already available, while Microsoft prepares its own official remedy. RasMan is a core Windows service that starts automatically, runs with SYSTEM privileges, and manages VPN, PPPoE, and…