Published on October 16, 2025
CISA Alerts on Actively Exploited Windows Improper Access Control Flaw
Severity
High
Detail
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert for an actively exploited vulnerability in Microsoft Windows Remote Access Connection Manager.
Tracked as CVE-2025-59230, this vulnerability stems from improper access control (CWE-284) in the Remote Access Connection Manager service (RasMan), which does not adequately check permissions before carrying out privileged operations. The flaw is a local elevation of privilege: an attacker who already has authenticated access to the host, for example a low-privileged user account or a foothold gained through phishing, can exploit it to elevate privileges and gain full control of the affected system.
CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on October 14, 2025, and has set a remediation deadline of November 4, 2025.
Microsoft's advisory classifies the flaw as an elevation-of-privilege vulnerability, not a remote entry point; the attacker must already be running code on the machine. Once elevated, the attacker can execute arbitrary code with system-level rights, install malware, steal sensitive information, or disrupt essential network operations. Because RasMan is the service behind Windows VPN and dial-up connections, it is present on every Windows edition and is routinely running on remote-work endpoints that depend on a corporate VPN, which makes those devices attractive targets for post-compromise escalation.
Although no ransomware campaigns have been linked to this issue yet, CISA confirmed that it is actively being exploited in the wild, making immediate mitigation critical.

Affected Products
| Products | Solution |
| --- | --- |
| Windows (all supported versions; the Remote Access Connection Manager service ships with every edition) | Apply the October 2025 Microsoft security update (released October 14, 2025) or later |
Recommendation
CISA urges organizations to:
- Apply Microsoft's October 2025 security update (or later) to all affected hosts immediately.
- Where the update cannot be applied, apply Microsoft's published mitigations or discontinue use of the product, as CISA's standard KEV remediation guidance directs.
- For cloud-hosted Windows instances, follow the applicable Binding Operational Directive (BOD) 22-01 guidance for cloud services.
- Monitor for privilege escalation attempts and review system logs for abnormal activity, such as processes launched with SYSTEM rights out of an ordinary user session.
- Maintain regular vulnerability scanning and timely patch management to reduce exposure.
Under BOD 22-01, federal civilian executive branch agencies must remediate the flaw by November 4, 2025; CISA strongly urges all other organizations to meet the same deadline, since the vulnerability is already being exploited.
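The following PowerShell triage script is an added example for the recommendations above; it is not code from the advisory, from CISA or from Microsoft. It assumes, as stated on this page, that the fix shipped in the October 2025 security update released on October 14, 2025, and it infers patch state from update installation dates rather than KB numbers, which differ per Windows build. The RasMan start-event check in step 4 is a baseline hygiene check added here, not a documented indicator of exploitation. Run it from an elevated PowerShell session.

```powershell
# Added triage script for CVE-2025-59230 (example code; not from the advisory, CISA or Microsoft).
# Assumption: the fix is part of the October 2025 security update released 2025-10-14, so any
# host with no updates installed on or after that date is treated as unpatched.

$FixReleased  = [datetime]'2025-10-14'   # October 2025 Patch Tuesday
$LookbackDays = 7                        # window for the service start-event review

# 1. Confirm the vulnerable component is present. 'RasMan' is the service name of the
#    Remote Access Connection Manager; it exists on workstation and server SKUs alike.
$ras = Get-Service -Name RasMan -ErrorAction SilentlyContinue
if ($null -eq $ras) {
    Write-Output 'RasMan service not found on this host.'
} else {
    Write-Output ('RasMan service: Status={0} StartType={1}' -f $ras.Status, $ras.StartType)
}

# 2. Record the exact OS build (major build plus UBR) so it can be compared with the
#    fixed build numbers listed in Microsoft's advisory for this CVE.
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$ubr = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
Write-Output ('OS: {0}, build {1}.{2}' -f $os.Caption, $os.BuildNumber, $ubr)

# 3. List updates installed on or after the fix date. Get-HotFix reads the same data as
#    'Installed Updates' in Control Panel. An empty list means the host has not received
#    the October 2025 update and should be treated as vulnerable.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $FixReleased } |
    Sort-Object -Property InstalledOn -Descending
if ($recent) {
    Write-Output "Updates installed on or after $($FixReleased.ToString('yyyy-MM-dd')):"
    $recent | Format-Table -Property HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning "No updates installed since $($FixReleased.ToString('yyyy-MM-dd')); treat this host as unpatched for CVE-2025-59230."
}

# 4. Service Control Manager event 7036 records service state changes. On most workstations
#    RasMan is Manual start, so starts outside a known VPN or dial-up workflow deserve a look.
#    Event 7036 does not record which account triggered the start; correlate the timestamp
#    with Security log 4688 (process creation) if something looks off. The message match
#    below assumes English event text.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7036
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}
$starts = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Remote Access Connection Manager*running*' }
Write-Output ('RasMan start events in the last {0} days: {1}' -f $LookbackDays, @($starts).Count)
$starts | Select-Object -First 10 -Property TimeCreated, Message | Format-Table -AutoSize -Wrap
```

Step 3 is a date heuristic, not proof of remediation: a host that received only a Defender definition update after October 14 will still show up as patched, so confirm the build number from step 2 against the fixed builds in Microsoft's advisory before closing the ticket.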
Source
https://gbhackers.com/cisa-alerts-on-windows-improper-access-control-flaw/
https://cybersecuritynews.com/windows-improper-access-control-vulnerability/
