Platform
windows
Component
windows-remote-access-connection-manager
Fixed versions
10.0.10240.21014
10.0.14393.8066
10.0.17763.7314
10.0.19044.5854
10.0.19045.5854
10.0.22621.5335
10.0.22631.5335
10.0.26100.4061
6.1.7601.27729
CVE-2025-47955 is a high-severity vulnerability affecting the Windows Remote Access Connection Manager. This improper privilege management flaw allows an authenticated attacker to elevate their privileges locally on the affected system. The vulnerability impacts Windows versions 10 and earlier, specifically those with Remote Access Connection Manager versions less than or equal to 10.0.26100.4061. Microsoft has released a patch to address this issue.
Successful exploitation of CVE-2025-47955 allows an attacker who has already gained some level of access to a system to significantly escalate their privileges. This could enable them to gain SYSTEM-level access, granting them complete control over the compromised machine. An attacker could then install malware, steal sensitive data, modify system configurations, or pivot to other systems on the network. The impact is particularly severe in environments where user accounts have elevated privileges or where Remote Access Connection Manager is used to manage connections for privileged users. This vulnerability shares similarities with other privilege escalation flaws where improper access controls are exploited to gain higher permissions.
CVE-2025-47955 was published on 2025-06-10. The EPSS score is pending evaluation, but the HIGH CVSS score suggests a moderate probability of exploitation. Currently, no public proof-of-concept (PoC) exploits are known, but the nature of privilege escalation vulnerabilities often makes them attractive targets for attackers. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Organizations using Windows 10 and earlier versions, particularly those with legacy systems or configurations that rely heavily on Remote Access Connection Manager, are at risk. Shared hosting environments where multiple users share a single server are also vulnerable, as a compromised user account could be leveraged to escalate privileges and impact other users.
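• windows / supply-chain:

```powershell
# Security-log logon events (4624) whose message text mentions privilege escalation
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} | Where-Object { $_.Message -like '*privilege escalation*' }
```

• windows / supply-chain:

```powershell
# Note: objects returned by Get-Process have no TokenElevationType property by default,
# so this filter returns nothing unless that property is supplied by other means
Get-Process -ErrorAction SilentlyContinue | Where-Object {$_.TokenElevationType -eq 'TokenElevationTypeFull'}
```

• windows / supply-chain: Check Autoruns for unusual entries related to Remote Access Connection Manager.
• windows / supply-chain: Monitor Windows Defender for alerts related to privilege escalation attempts.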
disclosure
Exploit status
EPSS
0.30% (53rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-47955 is to upgrade the Windows Remote Access Connection Manager to version 10.0.26100.4061 or later. If immediate patching is not possible, consider implementing least privilege principles to restrict user access and limit the potential impact of a successful exploit. Review existing group policies and user account permissions to ensure they adhere to the principle of least privilege. While a direct workaround isn't available, monitoring for suspicious privilege escalation attempts is crucial. After upgrading, confirm the fix by attempting to execute a process with a lower privilege level and verifying that it is denied.
Update your Windows operating system to the latest available version through Windows Update. This will install the fixed version of the Windows Remote Access Connection Manager and resolve the elevation of privilege vulnerability.
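One way to check a host against the fixed-version list on this page, as an added example that is not part of the original advisory or any Microsoft tooling. It assumes the listed versions are OS build numbers (major.minor.build.UBR, as recorded under the CurrentVersion registry key); `Test-FixedBuild`, `Get-LocalBuild` and the sample builds are hypothetical names and constructed values.

```powershell
# Added example. Fixed versions are copied from this page's list.
# Assumption: they are OS build numbers (major.minor.build.UBR).
$FixedVersions = @(
    '10.0.10240.21014', '10.0.14393.8066', '10.0.17763.7314',
    '10.0.19044.5854',  '10.0.19045.5854', '10.0.22621.5335',
    '10.0.22631.5335',  '10.0.26100.4061', '6.1.7601.27729'
) | ForEach-Object { [version]$_ }

function Test-FixedBuild {   # hypothetical helper name
    param([Parameter(Mandatory)][version]$Installed)
    # Each servicing branch (major.minor.build) has its own fixed revision,
    # so compare only against the entry for the same branch.
    $fix = $FixedVersions | Where-Object {
        $_.Major -eq $Installed.Major -and
        $_.Minor -eq $Installed.Minor -and
        $_.Build -eq $Installed.Build
    } | Select-Object -First 1
    $status = if (-not $fix) {
        'UnknownBranch'            # branch not in the page's list: decide manually
    } elseif ($Installed.Revision -ge $fix.Revision) {
        'Patched'
    } else {
        'BelowFixedVersion'
    }
    [pscustomobject]@{ Installed = $Installed; Fixed = $fix; Status = $status }
}

function Get-LocalBuild {    # hypothetical helper name
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    if ($null -eq $cv.UBR) { return $null }   # no UBR value recorded on this host
    # Windows 10 and later expose numeric major/minor values; older releases
    # only have the CurrentVersion string (for example 6.1).
    $mm = if ($null -ne $cv.CurrentMajorVersionNumber) {
        "$($cv.CurrentMajorVersionNumber).$($cv.CurrentMinorVersionNumber)"
    } else { $cv.CurrentVersion }
    [version]"$mm.$($cv.CurrentBuildNumber).$($cv.UBR)"
}

# Constructed sample builds (one per outcome), followed by the local host
'10.0.19045.5854', '10.0.22631.5262', '10.0.20348.3692' |
    ForEach-Object { Test-FixedBuild -Installed $_ }
$hostBuild = Get-LocalBuild
if ($hostBuild) { Test-FixedBuild -Installed $hostBuild }
else { 'Could not read build.UBR from the registry' }
```

A host reported as `UnknownBranch` is on a build line the page does not list, so its status has to be taken from the Microsoft Security Update Guide entry rather than from this comparison.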
CVE-2025-47955 is a high-severity vulnerability in Windows Remote Access Connection Manager allowing an authenticated attacker to escalate privileges locally.
You are affected if you are running Windows Remote Access Connection Manager versions less than or equal to 10.0.26100.4061.
Upgrade Windows Remote Access Connection Manager to version 10.0.26100.4061 or later to remediate the vulnerability.
Currently, no public proof-of-concept exploits are known, but the vulnerability's nature suggests a potential for exploitation.
Refer to the official Microsoft Security Update Guide for details: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47955](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47955)