Skip to main content

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:40 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
10.0.22621.5335,6.0.6003.23317,10.0.20348.3692
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17764
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 17:24 nvd
HIGH 7.8

DescriptionCVE.org

Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

AnalysisAI

Privilege escalation vulnerability in Windows Remote Access Connection Manager that allows an authenticated local attacker to elevate privileges to a higher integrity level without user interaction. The vulnerability affects Windows systems with Remote Access Connection Manager enabled and has a CVSS score of 7.8 (High severity). While no active exploitation in the wild has been publicly confirmed at this time, the local attack vector combined with low complexity and no user interaction requirement makes this a significant risk for multi-user or compromised systems where an attacker already has local access.

Technical ContextAI

Windows Remote Access Connection Manager (RAS Connection Manager) is a system service responsible for managing remote access connections including VPN, dial-up, and broadband connections. The vulnerability stems from improper privilege management (CWE-269), which indicates insufficient validation or enforcement of privilege boundaries when handling connection operations. This likely involves a flaw in how the service validates caller privileges before performing sensitive operations that require elevated access, potentially through COM interfaces, RPC endpoints, or named pipes that the service exposes. The issue exists in the authentication/authorization layer where the service fails to properly verify that a caller with limited privileges (PR:L) should not be able to perform actions reserved for system or administrative contexts. The attack likely leverages legitimate RAS APIs or interfaces that the service exposes to local users, but with insufficient privilege checks.

RemediationAI

  1. Apply the security patch released by Microsoft for CVE-2025-47955 to all affected Windows systems immediately, prioritizing: VPN servers, Remote Access servers, and systems in high-privilege environments. 2. Check Microsoft Security Update Guide (portal.msrc.microsoft.com) for specific KB articles corresponding to your Windows version/build. 3. Temporary mitigations pending patch deployment: (a) Restrict local user access through Group Policy and account management, removing unnecessary local accounts; (b) Disable Remote Access Connection Manager service (rasman) if not required for business operations using 'net stop rasman' and setting startup to Disabled in services.msc; (c) Monitor security event logs for RAS-related activity and privilege escalation attempts (Event ID 4672, 4673); (d) Implement application whitelisting to restrict execution of tools that might be used to exploit the vulnerability; (e) Enable Windows Defender Exploit Guard attack surface reduction rules. 4. Validate patch deployment across your infrastructure. 5. Review Microsoft advisory for any additional guidance specific to your environment.
CVE-2021-40444 HIGH POC
8.8 Sep 15

Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX

CVE-2021-1732 HIGH POC
7.8 Feb 25

Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by

CVE-2018-8174 HIGH POC
7.5 May 09

The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co

CVE-2019-0803 HIGH POC
7.8 Apr 09

Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in

CVE-2020-1472 MEDIUM POC
5.5 Aug 17

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr

CVE-2024-30088 HIGH POC
7.0 Jun 11

Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-13315 CRITICAL POC
9.3 Nov 19

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b

CVE-2013-10047 CRITICAL POC
9.3 Aug 01

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2025-34101 CRITICAL POC
9.3 Jul 10

Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio

Share

EUVD-2025-17764 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy