CVE-2025-62474 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Microsoft Windows 10 Version 1809, specifically the Windows Remote Access Connection Manager component. The flaw allows an attacker with authorized local access to escalate their privileges to a higher level, potentially SYSTEM or administrative privileges, without requiring user interaction. The vulnerability arises due to insufficient access control checks within the Remote Access Connection Manager, enabling privilege escalation. The CVSS v3.1 base score is 7.8, indicating high severity, with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires local access and low complexity, with privileges already assigned but limited, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. No public exploits are known at this time, but the vulnerability's nature suggests it could be leveraged for full system compromise by malicious insiders or attackers who have gained limited local access. The affected version is Windows 10 build 17763.0, which corresponds to the 1809 release. Since this version is older, many organizations may have upgraded, but some legacy systems or specialized environments may still run it. The vulnerability was reserved in October 2025 and published in December 2025, with no patch links currently available, indicating that remediation may be pending or in progress.

For European organizations, this vulnerability poses a significant risk, especially in sectors where Windows 10 Version 1809 remains operational, such as manufacturing, healthcare, or government agencies with legacy systems. Successful exploitation could allow attackers to gain administrative privileges locally, leading to full system compromise, data theft, or disruption of critical services. The high impact on confidentiality, integrity, and availability means sensitive data could be exposed or altered, and system availability could be disrupted, affecting business continuity. Given the local access requirement, insider threats or attackers who have already breached perimeter defenses could leverage this vulnerability to escalate privileges and move laterally within networks. This elevates the risk profile for organizations with insufficient endpoint security or weak internal access controls. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, as proof-of-concept or weaponized exploits may emerge.

Organizations should immediately identify and inventory all systems running Windows 10 Version 1809 (build 17763.0) to assess exposure. Since no patch is currently linked, monitoring Microsoft security advisories for updates or hotfixes is critical. In the interim, restrict local access to trusted personnel only and enforce strict access controls and user account management to minimize the risk of unauthorized local access. Employ endpoint detection and response (EDR) solutions to monitor for suspicious privilege escalation attempts. Consider upgrading affected systems to a supported and patched Windows version to eliminate exposure. Network segmentation can limit lateral movement if exploitation occurs. Additionally, implement robust auditing and logging of privilege escalation events to detect potential exploitation attempts early. Educate IT staff about the vulnerability and ensure rapid incident response capabilities are in place.