CVE-2025-62474: CWE-284: Improper Access Control in Microsoft Windows 10 Version 1809
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
AI Analysis
Technical Summary
CVE-2025-62474 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw resides in the Windows Remote Access Connection Manager component, which improperly enforces access controls. An attacker with authorized local access can exploit this vulnerability to elevate their privileges on the affected system without requiring any user interaction. The CVSS v3.1 base score is 7.8, indicating a high severity level. The attack vector is local (AV:L), with low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N). The scope remains unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means an attacker could gain full control over the system, potentially leading to data theft, system manipulation, or denial of service. The vulnerability was reserved on 2025-10-14 and published on 2025-12-09, with no known exploits in the wild yet. No official patches or mitigation links have been released at the time of this report. The vulnerability is particularly dangerous because it allows privilege escalation from an already authorized local user, which could be an insider threat or an attacker who has gained limited access through other means. The Remote Access Connection Manager is a critical Windows service responsible for managing dial-up and VPN connections, so compromising it could affect network connectivity and security configurations.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in environments where Windows 10 Version 1809 is still in use, such as legacy systems in government, healthcare, finance, and critical infrastructure sectors. Successful exploitation can lead to complete system compromise, allowing attackers to bypass security controls, access sensitive data, manipulate system configurations, and disrupt availability. This could result in data breaches, operational downtime, and loss of trust. Since the attack requires local access, organizations with weak internal access controls or those that allow remote desktop or VPN access without strict monitoring are particularly vulnerable. The lack of user interaction requirement increases the risk of automated or stealthy exploitation once local access is obtained. Given the high impact on confidentiality, integrity, and availability, the vulnerability could facilitate lateral movement within networks, escalating the threat to enterprise-wide compromise.
Mitigation Recommendations
1. Immediately audit and restrict local user permissions to minimize the number of users with authorized local access, especially on systems running Windows 10 Version 1809.
2. Implement strict network segmentation and access controls to limit exposure of vulnerable systems.
3. Monitor logs and alerts for unusual privilege escalation attempts or suspicious activity related to the Remote Access Connection Manager service.
4. Disable or restrict the use of Remote Access Connection Manager if not required for business operations.
5. Prepare for rapid deployment of patches once Microsoft releases an official fix; subscribe to Microsoft security advisories for updates.
6. Employ application whitelisting and endpoint detection and response (EDR) solutions to detect and block exploitation attempts.
7. Conduct user training to reduce insider threat risks and enforce strong authentication mechanisms for local access.
8. Consider upgrading affected systems to a supported and patched Windows version if feasible, as Windows 10 Version 1809 is an older release with limited support.
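The following PowerShell script is an added example supporting steps 3, 4 and 8 above; it is not part of the advisory and not Microsoft tooling. It reports whether a host is on the affected Windows 10 1809 build (10.0.17763, the build number given in the advisory), shows the current state and start mode of the Remote Access Connection Manager service, lists recent Service Control Manager events for that service, and can optionally stop and disable it. Two things are assumed rather than taken from the page: the service name RasMan (the standard Windows service name for Remote Access Connection Manager) and the use of System-log event IDs 7036 (service state change) and 7040 (start type change) as the signal for unexpected changes to the service.

```powershell
# Added example, not from the advisory or from Microsoft.
# Inventory and hardening check for the Remote Access Connection Manager service.
# Assumptions: service name 'RasMan' (standard Windows name for this service),
# and Service Control Manager event IDs 7036/7040 in the System log.
[CmdletBinding()]
param(
    [switch]$Disable,        # stop and disable the service; breaks VPN/dial-up on this host
    [int]$LookbackDays = 7   # how far back to look for service state changes
)

$affectedBuild = 17763      # Windows 10 Version 1809 (10.0.17763) per the advisory
$serviceName   = 'RasMan'   # assumed service name for Remote Access Connection Manager

# OS build check (BuildNumber is a string in WMI/CIM, so cast it).
$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$build = [int]$os.BuildNumber

# Service status (Get-Service) and start mode (Win32_Service exposes StartMode).
$svc     = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
$svcInfo = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
$status    = if ($svc)     { $svc.Status.ToString() } else { 'NotInstalled' }
$startMode = if ($svcInfo) { $svcInfo.StartMode }     else { 'n/a' }

# Recent Service Control Manager events for this service:
#   7036 = service entered the running/stopped state
#   7040 = service start type was changed
# On hosts where the service was deliberately disabled (step 4), any of these
# appearing after the change is worth investigating (step 3).
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7036, 7040
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Remote Access Connection Manager' } |
    Select-Object TimeCreated, Id, Message)

[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    OSVersion       = $os.Version
    BuildNumber     = $build
    IsAffectedBuild = ($build -eq $affectedBuild)
    ServiceStatus   = $status
    StartMode       = $startMode
    RecentScmEvents = $events.Count
} | Format-List

if ($events.Count -gt 0) {
    $events | Format-Table -AutoSize
}

if ($Disable -and $svc) {
    # Requires an elevated session. Only appropriate where the host needs no
    # VPN or dial-up connectivity; moving off 1809 (step 8) remains the durable fix.
    Stop-Service -Name $serviceName -Force -ErrorAction Stop
    Set-Service  -Name $serviceName -StartupType Disabled
    Write-Output "$serviceName stopped and disabled on $env:COMPUTERNAME"
}
```

Run it without switches from any session to get the inventory line (the build check and service state are what you want to collect fleet-wide), and with `-Disable` from an elevated session only on hosts confirmed not to need VPN or dial-up. The 7040 event is the one to alert on after disabling: it fires when something changes the start type back.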
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-10-14T18:24:58.485Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693867e574ebaa3babafb39a
Added to database: 12/9/2025, 6:18:13 PM
Last enriched: 12/9/2025, 6:34:14 PM
Last updated: 12/11/2025, 12:00:57 AM
Related Threats
- CVE-2025-67644: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in langchain-ai langgraph (High)
- CVE-2025-67646: CWE-352: Cross-Site Request Forgery (CSRF) in Telepedia TableProgressTracking (Low)
- CVE-2025-67514 (Low)
- CVE-2025-67512 (Low)
- CVE-2025-67509: CWE-94: Improper Control of Generation of Code ('Code Injection') in neuron-core neuron-ai (High)