Windows Remote Access Connection Manager (RasMan) zero-day denial-of-service flaw (CVE-2025-59230 chaining context)
Vulnerability
Summary
Windows RasMan has a newly disclosed zero-day denial-of-service flaw that lets unprivileged attackers crash a critical service on Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025. The crash can create a path for privilege-escalation chaining when paired with CVE-2025-59230 or similar elevation-of-privilege bugs. 0Patch is offering free unofficial micropatches while Microsoft prepares an official fix.
Related Happenings
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
Vulnerability
First: 14.05.2026 21:53
Last: 14.05.2026 21:53
Sources 1
About this happening:
**Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
CISA KEV order for BlueHammer patching
Public Sector Action
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
CISA orders FCEB remediation for CVE-2025-60710
Public Sector Action
First: 15.04.2026 17:51
Last: 15.04.2026 17:51
Sources 1
About this happening:
CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...
Storm-1175 high-velocity exploit campaign
Campaign
First: 06.04.2026 19:56
Last: 06.04.2026 19:56
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
Windows 10 Agere modem drivers actively exploited elevation-of-privileges privilege-escalation flaw
Vulnerability
First: 13.01.2026 20:56
Last: 13.01.2026 20:56
Sources 1
About this happening:
An **actively exploited elevation-of-privileges flaw** in **built-in Agere modem drivers** exposed **Windows 10** systems to privilege escalation risk until **KB5073724** was inst...
Timeline
- 12.12.2025 13:28 · 1 article · 5mo ago
ACROS Security discloses unpatched RasMan DoS flaw
Initial Disclosure
ACROS Security identified an unpatched Windows zero-day in the Remote Access Connection Manager (RasMan) service that lets unprivileged users trigger a crash through a circular-linked-list coding error. The flaw affects Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025, and the researchers said they alerted Microsoft about the issue while noting that chaining it with CVE-2025-59230 or similar elevation-of-privileges bugs can help attackers reach code execution by impersonating RasMan.
Sources:
- New Windows RasMan zero-day flaw gets free, unofficial patches — www.bleepingcomputer.com — 12.12.2025 13:28
- 12.12.2025 13:28 · 2 articles · 5mo ago
0Patch releases free micropatch for RasMan zero-day
Mitigation Patch Update
0Patch is making free unofficial security patches available for the RasMan zero-day across affected Windows versions, with installation handled by the 0Patch agent and no restart required unless a custom patching policy blocks it. ACROS Security said the micropatch will remain available until Microsoft ships an official fix for still-supported Windows versions.
Sources:
- New Windows RasMan zero-day flaw gets free, unofficial patches — www.bleepingcomputer.com — 12.12.2025 13:28
- New Windows RasMan zero-day flaw gets free, unofficial patches — www.bleepingcomputer.com — 12.12.2025 13:28