Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025.
The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized attackers with low-level privileges to gain SYSTEM-level access on affected systems.
CVE-2025-62472 stems from the use of uninitialized resources in the Remote Access Connection Manager, enabling privilege escalation through memory mismanagement.
The vulnerability has a CVSS score of 7.8 and is classified as Important severity.
CVE-2025-62474 involves improper access control mechanisms within the same component and is rated Important, with a matching CVSS score of 7.8.
Both vulnerabilities require local access and low user privileges to exploit, but once initiated, they require no further user interaction.
| CVE ID | Weakness | CVSS Score |
|---|---|---|
| CVE-2025-62472 | CWE-908 (Uninitialized Resource), CWE-416 (Use After Free) | 7.8 |
| CVE-2025-62474 | CWE-284 (Improper Access Control) | 7.8 |
The attack vectors for both vulnerabilities are strictly local, meaning attackers must already have access to the target system.
However, the lack of required user interaction makes these vulnerabilities particularly dangerous in enterprise environments where multiple users share systems or where compromised accounts exist.
An attacker successfully exploiting either vulnerability would gain complete SYSTEM privileges, the highest privilege level on Windows systems.
Microsoft has not reported any public disclosure or active exploitation of these vulnerabilities as of the announcement date.
The exploitability assessment rates CVE-2025-62472 as “Exploitation More Likely” while CVE-2025-62474 is marked as “Exploitation Less Likely,” suggesting that the uninitialized resource vulnerability may be easier to weaponize.
Both vulnerabilities remain in the unproven exploit code maturity stage.
| Operating System | KB Article | Build Number |
|---|---|---|
| Windows Server 2025 | 5072033, 5072014 | 10.0.26100.7462 |
| Windows Server 2022 | 5071547, 5071413 | 10.0.20348.4529 |
| Windows Server 2019 | 5071544 | 10.0.17763.8146 |
| Windows Server 2016 | 5071543 | 10.0.14393.8688 |
| Windows 11 Version 24H2 | 5072033, 5072014 | 10.0.26100.7462 |
| Windows 11 Version 23H2 | 5071417 | 10.0.22631.6345 |
| Windows 10 Version 22H2 | 5071546 | 10.0.19045.6691 |
| Windows 10 Version 1809 | 5071544 | 10.0.17763.8146 |
The affected systems span multiple Windows versions, including Windows Server 2008 through 2025 and Windows 10 and 11 editions.
Microsoft released security updates across all supported platforms on December 9, 2025. Organizations should prioritize patching these vulnerabilities immediately, particularly on systems that handle sensitive operations or support multiple users.
The availability of official fixes with confirmed remediation levels provides customers with timely protection against these privilege escalation threats.
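To check whether a host is at or above the fixed builds in the table above, the following PowerShell snippet is an added example, not code from the article or from Microsoft. It assumes the registry CurrentBuild/UBR values map onto the table's build numbers, that the KB ids listed are the ones Get-HotFix would report, and that the affected component runs as the RasMan service (the Remote Access Connection Manager service, which the article does not name).

```powershell
# Added example, not part of the original article: compare this host's build and
# installed hotfixes against the fixed builds listed for CVE-2025-62472 / CVE-2025-62474.
# Build numbers and KB ids are taken from the article's table; keying the table by
# build branch (e.g. 26100) is an assumption made here so the lookup works.

$fixedBuilds = @{
    '26100' = @{ Name = 'Windows 11 24H2 / Server 2025'; UBR = 7462; KBs = @('KB5072033','KB5072014') }
    '22631' = @{ Name = 'Windows 11 23H2';               UBR = 6345; KBs = @('KB5071417') }
    '20348' = @{ Name = 'Windows Server 2022';           UBR = 4529; KBs = @('KB5071547','KB5071413') }
    '19045' = @{ Name = 'Windows 10 22H2';               UBR = 6691; KBs = @('KB5071546') }
    '17763' = @{ Name = 'Windows 10 1809 / Server 2019'; UBR = 8146; KBs = @('KB5071544') }
    '14393' = @{ Name = 'Windows Server 2016';           UBR = 8688; KBs = @('KB5071543') }
}

# CurrentBuild plus UBR (update build revision) gives the full 10.0.<build>.<ubr> number.
$ver   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [string]$ver.CurrentBuild
$ubr   = [int]$ver.UBR

$entry = $fixedBuilds[$build]
if (-not $entry) {
    Write-Output "Build 10.0.$build.$ubr is not in the article's table; consult Microsoft's advisory directly."
    return
}

# The build comparison is the authoritative test: a later UBR includes the fix.
$status = if ($ubr -ge $entry.UBR) { 'PATCHED' } else { 'VULNERABLE' }
Write-Output ("{0}: build 10.0.{1}.{2} (fixed at 10.0.{1}.{3}) -> {4}" -f $entry.Name, $build, $ubr, $entry.UBR, $status)

# Cross-check by KB id. Get-HotFix does not always list cumulative updates,
# so 'not listed' here is a prompt to verify, not proof the update is missing.
$installed = (Get-HotFix).HotFixID
foreach ($kb in $entry.KBs) {
    $present = if ($installed -contains $kb) { 'installed' } else { 'not listed' }
    Write-Output ("  {0}: {1}" -f $kb, $present)
}

# Exposure context (assumption: the component runs as the RasMan service).
Get-Service -Name RasMan -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
```

Run it elevated so the registry and hotfix queries succeed on hardened hosts; an unpatched result on a shared or multi-user system is the case the article flags as highest priority.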
