A Windows zero-day in the Remote Access Connection Manager (RasMan) service has a free, unofficial patch, and a working proof-of-concept exploit is publicly available. Researchers from 0patch found a denial-of-service bug that lets an unprivileged local user crash the service. It is a different flaw from CVE-2025-59230, a RasMan elevation-of-privilege vulnerability that Microsoft fixed in its October 2025 updates after it had already been exploited in the wild.
RasMan manages VPN and other remote network connections, so crashing it disrupts the connections it is responsible for. CVE-2025-59230 let a local, already-authenticated attacker elevate to SYSTEM. The new bug is less severe but still unpatched: by sending malformed input to one of RasMan's RPC endpoints, a local user can stop the service. The outcome is a crash (denial of service), not code execution, and the proof-of-concept demonstrates exactly that.
Mitja Kolsek, CEO of ACROS Security, the company behind 0patch, said Microsoft is aware of the issue but has given no indication of when an official fix will ship. The 0patch micropatch is free until Microsoft releases its own fix. A Microsoft spokesperson said customers who have applied the October updates for CVE-2025-59230 are protected against exploitation of that vulnerability, a statement that covers the patched elevation-of-privilege bug rather than the unpatched denial-of-service bug.
The zero-day is a coding error in how RasMan processes a circular linked list: the code follows a bad link, triggers a memory access violation and the service crashes. 0patch offers the micropatch free of charge from its site, and it remains available until Microsoft releases its official fix.
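To show the bug class behind a crash like this, here is an editor-added illustration in C of a circular doubly linked list (the Windows LIST_ENTRY shape) that a service walks while unlinking entries. It is hypothetical code, not RasMan's, and does not reproduce the 0patch finding; the "connection" record, the closed flag and the reaper routines are assumptions made for the example. The unsafe walker reads a link that removal has already poisoned, which is the NULL dereference that takes a process down; the hardened walker saves the successor first, bounds the walk and refuses to act on a list whose neighbours disagree, the same consistency check Windows applies on removal (FAST_FAIL_CORRUPT_LIST_ENTRY).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Editor-added example of the bug class (mishandling a circular doubly
 * linked list while walking it). Hypothetical code, NOT RasMan's. */

typedef struct list_entry {
    struct list_entry *flink;
    struct list_entry *blink;
} list_entry;

/* Assumed per-connection record hanging off the list (constructed). */
typedef struct connection {
    int id;
    int closed;          /* 1 = should be unlinked by the reaper */
    list_entry link;
} connection;

#define CONTAINING_RECORD(ptr, type, field) \
    ((type *)((char *)(ptr) - offsetof(type, field)))

static void list_init(list_entry *head) { head->flink = head->blink = head; }

static void list_insert_tail(list_entry *head, list_entry *e)
{
    e->flink = head;
    e->blink = head->blink;
    head->blink->flink = e;
    head->blink = e;
}

/* Unlink e. Mirrors the Windows safe-linking check: if e's neighbours do not
 * point back at e the list is corrupt, so return 0 instead of writing
 * through bad pointers. The unlinked entry's links are poisoned to NULL. */
static int list_remove_checked(list_entry *e)
{
    if (e->flink->blink != e || e->blink->flink != e)
        return 0;
    e->blink->flink = e->flink;
    e->flink->blink = e->blink;
    e->flink = e->blink = NULL;
    return 1;
}

/* VULNERABLE: unlinks while walking. After list_remove_checked(e) the loop
 * step reads e->flink, which is now NULL, so e becomes NULL; "e != head"
 * still holds and the next e->flink read is a NULL dereference, i.e. an
 * access violation that crashes the whole process. */
static int reap_closed_unsafe(list_entry *head)
{
    int removed = 0;
    for (list_entry *e = head->flink; e != head; e = e->flink) {
        connection *c = CONTAINING_RECORD(e, connection, link);
        if (c->closed) {
            list_remove_checked(e);
            removed++;
        }
    }
    return removed;
}

/* HARDENED: capture the successor before unlinking, treat a NULL link as
 * corruption instead of following it, and bound the walk so a list that
 * has lost its circularity cannot spin forever. Returns the number of
 * entries removed, or -1 if the list is found to be corrupt. */
static int reap_closed_safe(list_entry *head, size_t max_entries)
{
    int removed = 0;
    size_t seen = 0;
    list_entry *e = head->flink;
    while (e != head) {
        if (e == NULL || seen++ >= max_entries)
            return -1;
        list_entry *next = e->flink;          /* saved BEFORE unlinking */
        connection *c = CONTAINING_RECORD(e, connection, link);
        if (c->closed) {
            if (!list_remove_checked(e))
                return -1;
            removed++;
        }
        e = next;
    }
    return removed;
}

/* Bounded, NULL-aware count; -1 if the list is not a proper ring. */
static int list_count_safe(const list_entry *head, size_t max_entries)
{
    size_t n = 0;
    for (const list_entry *e = head->flink; e != head; e = e->flink)
        if (e == NULL || n++ >= max_entries)
            return -1;
    return (int)n;
}

/* Constructed sample: ids 1..n, with the entry whose id == closed_id flagged. */
static void build_sample(list_entry *head, connection *pool, int n, int closed_id)
{
    list_init(head);
    for (int i = 0; i < n; i++) {
        pool[i].id = i + 1;
        pool[i].closed = (pool[i].id == closed_id);
        list_insert_tail(head, &pool[i].link);
    }
}

int main(int argc, char **argv)
{
    list_entry head;
    connection pool[4];

    build_sample(&head, pool, 4, 2);
    printf("safe reaper removed %d entries, %d remain\n",
           reap_closed_safe(&head, 64), list_count_safe(&head, 64));

    if (argc > 1 && strcmp(argv[1], "crash") == 0) {
        build_sample(&head, pool, 4, 2);
        reap_closed_unsafe(&head);    /* NULL dereference: the process dies here */
    }
    return 0;
}
```

Run it with no arguments to see the hardened reaper remove one entry and leave three; run it with the argument `crash` to watch the unsafe reaper fault on the same input. The two defences worth carrying into real code are the saved `next` pointer and the neighbour consistency check: the first prevents the walker from ever reading a poisoned link, the second turns silent list corruption into a refused operation rather than a write through a stale pointer.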
Source: https://www.theregister.com/2025/12/12/microsoft_windows_rasman_dos_0day