Windows Remote Access Connection Manager (RasMan) zero-day denial-of-service flaw (CVE-2025-59230 chaining context)
Vulnerability
Summary
Hide ▲
Show ▼
Windows RasMan has a newly disclosed zero-day denial-of-service flaw that lets unprivileged attackers crash a critical service on Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025. The crash can create a path for privilege-escalation chaining when paired with CVE-2025-59230 or similar elevation-of-privilege bugs. 0Patch is offering free unofficial micropatches while Microsoft prepares an official fix.
Related Happenings
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
Vulnerability
H score39
First: 10.06.2026 02:11
Last: 10.06.2026 02:11
Sources 1
About this happening:
Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
VulnerabilityAbout this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Latest development: 10.06.2026 08:22
The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
Vulnerability
H score40
First: 14.05.2026 21:53
Last: 14.05.2026 21:53
Sources 1
About this happening:
**Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
VulnerabilityAbout this happening: **Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
CISA KEV order for BlueHammer patching
Public Sector Action
H score37
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...
CISA KEV order for BlueHammer patching
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...
CISA orders FCEB remediation for CVE-2025-60710
Public Sector Action
H score34
First: 15.04.2026 17:51
Last: 15.04.2026 17:51
Sources 1
About this happening:
CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...
CISA orders FCEB remediation for CVE-2025-60710
Public Sector ActionAbout this happening: CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...
Storm-1175 high-velocity exploit campaign
Campaign
H score59
First: 06.04.2026 19:56
Last: 06.04.2026 19:56
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
Storm-1175 high-velocity exploit campaign
CampaignAbout this happening: **Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
Timeline
-
12.12.2025 13:28 1 articles · 6mo ago
ACROS Security discloses unpatched RasMan DoS flaw
Initial DisclosureACROS Security identified an unpatched Windows zero-day in the Remote Access Connection Manager (RasMan) service that lets unprivileged users trigger a crash through a circular-linked-list coding error. The flaw affects Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025, and the researchers said they alerted Microsoft about the issue while noting that chaining it with CVE-2025-59230 or similar elevation-of-privileges bugs can help attackers reach code execution by impersonating RasMan.
Show sources
- New Windows RasMan zero-day flaw gets free, unofficial patches — www.bleepingcomputer.com — 12.12.2025 13:28
-
12.12.2025 13:28 2 articles · 6mo ago
0Patch releases free micropatch for RasMan zero-day
Mitigation Patch Update0Patch is making free unofficial security patches available for the RasMan zero-day across affected Windows versions, with installation handled by the 0Patch agent and no restart required unless a custom patching policy blocks it. ACROS Security said the micropatch will remain available until Microsoft ships an official fix for still-supported Windows versions.
Show sources
- New Windows RasMan zero-day flaw gets free, unofficial patches — www.bleepingcomputer.com — 12.12.2025 13:28
- New Windows RasMan zero-day flaw gets free, unofficial patches — www.bleepingcomputer.com — 12.12.2025 13:28