CVE-2025-47955: CWE-269: Improper Privilege Management in Microsoft Windows 10 Version 1809

Severity: High
Type: Vulnerability
Tags: CVE-2025-47955, cve, cve-2025-47955, cwe-269
Published: Tue Jun 10 2025 (06/10/2025, 17:02:25 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

AI-Powered Analysis

Last updated: 07/10/2025, 23:18:08 UTC

Technical Analysis

CVE-2025-47955 is a high-severity vulnerability affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0), specifically within the Windows Remote Access Connection Manager component. The vulnerability is classified under CWE-269, which pertains to improper privilege management. This flaw allows an authorized attacker with local access and low privileges to elevate their privileges on the affected system without requiring user interaction. The vulnerability arises because the Remote Access Connection Manager improperly manages privilege levels, enabling an attacker to gain higher privileges than intended. The CVSS v3.1 base score is 7.8, reflecting a high impact on confidentiality, integrity, and availability (all rated high), with low attack complexity and requiring only local access with some privileges (PR:L). The scope remains unchanged (S:U), meaning the vulnerability affects only the vulnerable component and does not extend beyond it. No known exploits are currently reported in the wild, and no official patches have been linked yet, although the vulnerability was published on June 10, 2025. Given the nature of the vulnerability, an attacker who already has some level of access to a system could leverage this flaw to gain administrative privileges, potentially leading to full system compromise, unauthorized data access, or disruption of services.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for enterprises and government agencies that continue to operate legacy systems running Windows 10 Version 1809. The ability for a local attacker to escalate privileges can lead to unauthorized access to sensitive data, disruption of critical services, and potential lateral movement within networks. This is particularly concerning in sectors such as finance, healthcare, and critical infrastructure, where confidentiality and availability are paramount. Additionally, organizations with bring-your-own-device (BYOD) policies or those that allow remote access may face increased risk if attackers gain initial footholds with limited privileges. The absence of known exploits in the wild currently reduces immediate risk, but the high severity and ease of exploitation mean that threat actors could develop exploits rapidly once the vulnerability becomes widely known. The lack of a patch at the time of publication further increases exposure for organizations that have not upgraded or mitigated the risk.

Mitigation Recommendations

Given the absence of an official patch, European organizations should implement several specific mitigations:

1) Restrict local access to systems running Windows 10 Version 1809 by enforcing strict physical and logical access controls, including the use of strong authentication and role-based access controls to limit who can log in locally.
2) Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious privilege escalation attempts targeting the Remote Access Connection Manager.
3) Disable or limit the use of Remote Access Connection Manager services where not required, reducing the attack surface.
4) Enforce the principle of least privilege rigorously, ensuring users and processes operate with the minimum necessary permissions.
5) Monitor system logs and security events for unusual activities indicative of privilege escalation attempts.
6) Plan and prioritize upgrading affected systems to later, supported Windows versions where this vulnerability is patched.
7) Implement network segmentation to isolate legacy systems and limit potential lateral movement by attackers who exploit this vulnerability.
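One way to act on mitigation 3 is to audit each host before touching the service. The script below is an added example, not taken from this record or from Microsoft guidance; it assumes the service short name `RasMan` for Remote Access Connection Manager, uses build number 17763 from the record above, and the `-DisableIfUnused` switch is a hypothetical name introduced here. Disabling the service breaks VPN and dial-up connections on that host, so the script only changes anything when no running dependents and no VPN profiles are found.

```powershell
# Added example: audit Remote Access Connection Manager on one host.
# Read-only unless -DisableIfUnused is passed (requires an elevated session).
[CmdletBinding()]
param(
    [switch]$DisableIfUnused   # hypothetical switch name, defined only in this example
)

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RasMan'"
if (-not $svc) {
    Write-Output 'RasMan service is not installed on this host.'
    return
}

# Services that would stop working if RasMan were disabled.
$dependents = @(Get-Service -Name RasMan -DependentServices |
    Where-Object { $_.Status -eq 'Running' })

# VPN profiles (per-user and all-user) indicate the service is in real use.
$vpnProfiles = @(Get-VpnConnection -ErrorAction SilentlyContinue) +
               @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)

$report = [pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    OsBuild           = $os.BuildNumber
    # Build 17763 is Windows 10 Version 1809, the product named in this record.
    IsBuild17763      = ($os.BuildNumber -eq '17763')
    RasManState       = $svc.State
    RasManStartMode   = $svc.StartMode
    RunningDependents = ($dependents.Name -join ', ')
    VpnProfileCount   = $vpnProfiles.Count
    SafeToDisable     = ($dependents.Count -eq 0 -and $vpnProfiles.Count -eq 0)
}
$report

if ($DisableIfUnused -and $report.SafeToDisable) {
    # Stop first, then prevent restart at boot or on demand.
    Stop-Service -Name RasMan -Force -ErrorAction Stop
    Set-Service  -Name RasMan -StartupType Disabled
    Write-Output 'RasMan stopped and set to Disabled.'
}
elseif ($DisableIfUnused) {
    Write-Warning 'RasMan appears to be in use; left unchanged.'
}
```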

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-05-14T14:13:13.464Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68487f521b0bd07c39389c5d

Added to database: 6/10/2025, 6:54:10 PM

Last enriched: 7/10/2025, 11:18:08 PM

Last updated: 8/12/2025, 5:10:43 PM
