Find notable cyber news and cases, enriched with sources, timelines, and signals.

Windows Remote Access Connection Manager (RasMan) zero-day denial-of-service flaw (CVE-2025-59230 chaining context)

Vulnerability
First reported
Last updated
Happening score
H score 1
1 unique sources, 1 articles

Summary

Hide ▲

Windows RasMan has a newly disclosed zero-day denial-of-service flaw that lets unprivileged attackers crash a critical service on Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025. The crash can create a path for privilege-escalation chaining when paired with CVE-2025-59230 or similar elevation-of-privilege bugs. 0Patch is offering free unofficial micropatches while Microsoft prepares an official fix.

Related Happenings

Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw

Vulnerability
H score39 First: 10.06.2026 02:11 Last: 10.06.2026 02:11 Sources 1

About this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...

Latest development: 10.06.2026 08:22

The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.

Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw

Vulnerability
H score40 First: 14.05.2026 21:53 Last: 14.05.2026 21:53 Sources 1

About this happening: **Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...

CISA KEV order for BlueHammer patching

Public Sector Action
H score37 First: 23.04.2026 14:05 Last: 23.04.2026 14:05 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding **BlueHammer** to the **K...

CISA orders FCEB remediation for CVE-2025-60710

Public Sector Action
H score34 First: 15.04.2026 17:51 Last: 15.04.2026 17:51 Sources 1

About this happening: CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...

Storm-1175 high-velocity exploit campaign

Campaign
H score59 First: 06.04.2026 19:56 Last: 06.04.2026 19:56 Sources 1

About this happening: **Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...

Timeline

  1. 12.12.2025 13:28 1 articles · 6mo ago

    ACROS Security discloses unpatched RasMan DoS flaw

    Initial Disclosure

    ACROS Security identified an unpatched Windows zero-day in the Remote Access Connection Manager (RasMan) service that lets unprivileged users trigger a crash through a circular-linked-list coding error. The flaw affects Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025, and the researchers said they alerted Microsoft about the issue while noting that chaining it with CVE-2025-59230 or similar elevation-of-privileges bugs can help attackers reach code execution by impersonating RasMan.

    Show sources
  2. 12.12.2025 13:28 2 articles · 6mo ago

    0Patch releases free micropatch for RasMan zero-day

    Mitigation Patch Update

    0Patch is making free unofficial security patches available for the RasMan zero-day across affected Windows versions, with installation handled by the 0Patch agent and no restart required unless a custom patching policy blocks it. ACROS Security said the micropatch will remain available until Microsoft ships an official fix for still-supported Windows versions.

    Show sources