CVE-2025-59230 is a vulnerability classified under CWE-284 (Improper Access Control) found in the Windows Remote Access Connection Manager component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw allows an attacker with authorized local access to elevate their privileges to SYSTEM level due to insufficient access control enforcement within the component. The vulnerability does not require user interaction and can be exploited with low complexity, given the attacker already has some level of local access (PR:L). The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C) indicates that the attack is local, requires low attack complexity, and privileges, but no user interaction. The impact on confidentiality, integrity, and availability is high, as the attacker can gain full control over the affected system. Although no public exploits are currently known, the vulnerability is critical for environments where Windows 10 Version 1809 is still deployed, especially in enterprise and industrial contexts. The flaw stems from improper access control mechanisms in the Remote Access Connection Manager, which manages VPN and dial-up connections, potentially allowing privilege escalation through crafted local actions. The vulnerability was reserved on 2025-09-11 and published on 2025-10-14, with no patch links currently available, indicating that mitigation options may be limited until official updates are released.

For European organizations, this vulnerability poses a significant risk, particularly in sectors where Windows 10 Version 1809 remains in use, such as manufacturing, healthcare, and government agencies with legacy systems. Successful exploitation could allow attackers to bypass local privilege restrictions, leading to full system compromise, data theft, or disruption of critical services. The ability to escalate privileges locally can facilitate lateral movement within networks, increasing the risk of widespread breaches. Confidentiality, integrity, and availability of sensitive data and systems could be severely impacted. Organizations relying on remote access technologies managed by the vulnerable component are especially at risk. Additionally, the lack of current patches increases exposure time, necessitating immediate compensating controls. The threat is amplified in environments with multiple users sharing systems or where endpoint security is weak. This vulnerability could also be leveraged in targeted attacks against European critical infrastructure, given the strategic importance of such systems.

Until official patches are released, European organizations should implement strict local access controls to limit the number of users with local privileges on Windows 10 Version 1809 systems. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious privilege escalation attempts. Disable or restrict the use of the Windows Remote Access Connection Manager service where feasible, especially on systems not requiring VPN or dial-up connections. Enforce the principle of least privilege rigorously and audit local user accounts regularly. Network segmentation can reduce the risk of lateral movement if a system is compromised. Maintain up-to-date backups and prepare incident response plans focused on privilege escalation scenarios. Once Microsoft releases patches, prioritize their deployment on all affected systems. Additionally, consider upgrading affected systems to supported Windows versions with active security updates to reduce exposure to this and other vulnerabilities.