Platform: windows
Component: windows-remote-access-connection-manager
Fixed in: 10.0.10240.21014, 10.0.14393.8066, 10.0.17763.7314, 10.0.19044.5854, 10.0.19045.5854, 10.0.22621.5335, 10.0.22631.5335, 10.0.26100.4061, 6.1.7601.27729
CVE-2025-47955 is a high-severity vulnerability affecting the Windows Remote Access Connection Manager. This improper privilege management flaw allows an authenticated attacker to elevate their privileges locally on the affected system. The vulnerability impacts Windows versions 10 and earlier, specifically those with Remote Access Connection Manager versions less than or equal to 10.0.26100.4061. Microsoft has released a patch to address this issue.
Successful exploitation of CVE-2025-47955 allows an attacker who has already gained some level of access to a system to significantly escalate their privileges. This could enable them to gain SYSTEM-level access, granting them complete control over the compromised machine. An attacker could then install malware, steal sensitive data, modify system configurations, or pivot to other systems on the network. The impact is particularly severe in environments where user accounts have elevated privileges or where Remote Access Connection Manager is used to manage connections for privileged users. This vulnerability shares similarities with other privilege escalation flaws where improper access controls are exploited to gain higher permissions.
CVE-2025-47955 was published on 2025-06-10. The EPSS score is pending evaluation, but the HIGH CVSS score suggests a moderate probability of exploitation. Currently, no public proof-of-concept (PoC) exploits are known, but the nature of privilege escalation vulnerabilities often makes them attractive targets for attackers. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Exploit Status
EPSS: 0.30% (53rd percentile)
The primary mitigation for CVE-2025-47955 is to upgrade the Windows Remote Access Connection Manager to version 10.0.26100.4061 or later. If immediate patching is not possible, consider implementing least privilege principles to restrict user access and limit the potential impact of a successful exploit. Review existing group policies and user account permissions to ensure they adhere to the principle of least privilege. While a direct workaround isn't available, monitoring for suspicious privilege escalation attempts is crucial. After upgrading, confirm the fix by attempting to execute a process with a lower privilege level and verifying that it is denied.
Update your Windows operating system to the latest version available through Windows Update. This installs the fixed version of Windows Remote Access Connection Manager and resolves the elevation-of-privilege vulnerability.
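To check a host against the "Fixed in" list, the following added example (not from the original advisory or from Microsoft) compares an OS build and update revision with the listed values. It assumes each "Fixed in" entry is an OS build string of the form major.minor.build.revision and that the revision corresponds to the `UBR` registry value; `Test-FixedBuild` is a hypothetical helper name and the sample builds are constructed.

```powershell
# Added example, not from the advisory. Assumption: each "Fixed in" value is an
# OS build string (major.minor.build.revision) for one Windows servicing branch.
$FixedIn = @(
    '10.0.10240.21014', '10.0.14393.8066', '10.0.17763.7314',
    '10.0.19044.5854',  '10.0.19045.5854', '10.0.22621.5335',
    '10.0.22631.5335',  '10.0.26100.4061', '6.1.7601.27729'
)

# Index the minimum fixed revision by build number (the third field).
$MinRevision = @{}
foreach ($v in $FixedIn) {
    $parsed = [version]$v
    $MinRevision[$parsed.Build] = $parsed.Revision
}

function Test-FixedBuild {   # hypothetical helper name
    param([int]$Build, [int]$Revision)
    # A branch that is not on the page's list is reported as Unknown,
    # never as Fixed or Vulnerable.
    if (-not $MinRevision.ContainsKey($Build)) { return 'Unknown' }
    if ($Revision -ge $MinRevision[$Build]) { return 'Fixed' }
    return 'Vulnerable'
}

# Constructed sample builds: below the fix, exactly at the fix, unlisted branch.
foreach ($s in '19045.5796', '26100.4061', '20348.1') {
    $b, $r = $s.Split('.')
    '{0,-12} {1}' -f $s, (Test-FixedBuild -Build $b -Revision $r)
}

# Local machine: build number and update revision from the registry.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
if ($null -eq $cv.UBR) {
    # Older systems may not expose UBR; review installed updates instead.
    'local: Unknown (no UBR value)'
} else {
    'local {0}.{1}: {2}' -f $cv.CurrentBuildNumber, $cv.UBR,
        (Test-FixedBuild -Build $cv.CurrentBuildNumber -Revision $cv.UBR)
}
```

An `Unknown` result means the branch is not covered by the list above, so consult the Microsoft Security Update Guide entry for that system.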
CVE-2025-47955 is a high-severity vulnerability in Windows Remote Access Connection Manager allowing an authenticated attacker to escalate privileges locally.
You are affected if you are running Windows Remote Access Connection Manager versions less than or equal to 10.0.26100.4061.
Upgrade Windows Remote Access Connection Manager to version 10.0.26100.4061 or later to remediate the vulnerability.
Currently, no public proof-of-concept exploits are known, but the vulnerability's nature suggests a potential for exploitation.
Refer to the official Microsoft Security Update Guide for details: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47955](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47955)