Security researchers have uncovered a critical unpatched vulnerability in the c
This discovery emerged during an investigation of CVE-2025-59230, which Microsoft patched in October 2025.
CVE-2025-59230 represents an elevation-of-privilege vulnerability conceptually similar to CVE-2025-49760.

| CVE ID | Vulnerability Type | Affected Component | Severity | Affected Versions |
|---|---|---|---|---|
| CVE-2025-59230 | Elevation of Privilege | Windows Remote Access Connection Manager (RasMan) | High | Windows 7, 10, 11, Server 2008 R2 through Server 2025 |

The flaw occurs when the RasMan service registers an RPC endpoint during startup that other privileged services subsequently connect to and trust.
When RasMan is not running, an unprivileged attacker can register the same RPC endpoint and abuse this trust relationship to execute malicious code with elevated privileges.
However, exploiting CVE-2025-59230 presents a practical challenge. The RasMan service typically starts automatically during Windows startup, making it nearly impossible for an attacker to register the malicious endpoint first.
This is where the second, previously unknown vulnerability becomes critical. Researchers discovered that attackers can crash the RasMan service via a coding flaw in its handling of circular linked lists.
Technical Analysis of the Unpatched Flaw
The vulnerability stems from a flaw in the logic used when traversing a circular linked list. The code checks whether the current element pointer is NULL, but fails to exit the loop when it encounters this condition.
Instead, execution continues by attempting to read the following list element from the NULL pointer, resulting in a memory access violation that crashes the RasMan service.
The programming error results from the assumption that circular linked lists are always properly constructed.
While the developer added a NULL pointer check as a precautionary measure, it was never properly tested because all test cases likely used valid linked lists.
Security firm 0patch has developed micropatches for this unpatched vulnerability across all Windows versions from Windows 7 through Windows Server 2025.
The patch adds a check that properly exits the loop when encountering a NULL pointer, preventing the service from crashing.
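The traversal pattern described above and its correction, sketched in C as an added example. This is not Microsoft's or 0patch's code; the node type, function names, the -1 return value and the sample ring are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical node type; the real RasMan structures are not on the page. */
struct node { struct node *next; };

/* Flawed pattern: NULL is detected but the loop is never left. */
static int count_flawed(const struct node *head)
{
    const struct node *cur = head;
    int n = 0;
    do {
        if (cur != NULL)
            n++;                 /* NULL case falls through, no exit */
        cur = cur->next;         /* access violation when cur == NULL */
    } while (cur != head);
    return n;
}

/* Corrected pattern: exit on NULL. The -1 return is this example's choice. */
static int count_fixed(const struct node *head)
{
    const struct node *cur = head;
    int n = 0;
    do {
        if (cur == NULL)
            return -1;           /* malformed ring: stop traversing */
        n++;
        cur = cur->next;
    } while (cur != head);
    return n;
}

static struct node ring[8];      /* constructed sample data */
/* Links ring[0..n-1] into a circle; break_at >= 0 nulls that node's next. */
static const struct node *build_ring(int n, int break_at)
{
    for (int i = 0; i < n; i++)
        ring[i].next = &ring[(i + 1) % n];
    if (break_at >= 0)
        ring[break_at].next = NULL;
    return &ring[0];
}

int main(void)
{
    printf("intact ring: flawed=%d fixed=%d\n",
           count_flawed(build_ring(4, -1)), count_fixed(build_ring(4, -1)));
    printf("broken ring: fixed=%d\n", count_fixed(build_ring(4, 2)));
    return 0;
}
```

On a well-formed ring both functions return the same count, which is why tests that only use valid lists never reach the faulty path.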
Microsoft has been alerted about this issue and is expected to release an official patch in upcoming Windows updates for supported versions.
Organizations using unsupported Windows versions can leverage 0patch’s security-adopted support to maintain protection against emerging threats.
