

Ethical Hacking News

New Windows Zero-Day Flaw Exposed: A Threat to Remote Access Connection Manager (RasMan) Services


ACROS Security has discovered a new zero-day flaw in the Windows Remote Access Connection Manager (RasMan) service that allows attackers to crash the service. Free unofficial patches are available until Microsoft releases an official fix. Stay updated with the latest security patches and protect your systems from potential threats.

  • The researchers at ACROS Security have identified a new zero-day vulnerability in the Windows RasMan service.
  • Combined with the existing vulnerability CVE-2025-59230, the new flaw allows attackers to crash the RasMan service and execute code by impersonating it.
  • The attack only works when the RasMan service is not running.
  • Microsoft has not assigned a CVE ID for this vulnerability yet and has not released an official patch.
  • ACROS Security has provided free, unofficial security patches to address the issue until Microsoft releases its official fix.



    In a recent discovery, researchers from ACROS Security have identified a new zero-day vulnerability in the Remote Access Connection Manager (RasMan) service of Windows systems. This critical flaw allows attackers to crash the RasMan service, which is responsible for managing VPN, Point-to-Point Protocol over Ethernet (PPPoE), and other remote network connections.

    ACROS Security discovered the new flaw while investigating CVE-2025-59230, a Windows zero-day vulnerability. The researchers found that, when combined with that existing vulnerability, the new flaw allows attackers to execute code by impersonating the RasMan service. However, this attack only works when the RasMan service is not running.

    The new flaw provides a critical missing piece in the exploitation of CVE-2025-59230: crashing the service creates the not-running state that the impersonation attack requires. According to ACROS Security CEO Mitja Kolsek, "This DoS zero-day has not been assigned a CVE ID and remains unpatched across all Windows versions, including Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025."

    The vulnerability is caused by a coding error in how the RasMan service processes circular linked lists. When the service encounters a null pointer while traversing a list, it attempts to read memory from that pointer rather than exiting the loop, causing a crash.
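
    The class of bug described above, as an added example that is not RasMan's code or ACROS Security's patch: a circular-list walk whose only exit is "back at head", next to a version that stops on a null pointer. The node type, function names, sample list and the `max_nodes` bound are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical node type; RasMan's real structures are not shown in the article. */
struct node { struct node *next; int value; };

/* Flawed pattern: the only exit is "back at head", so a NULL next pointer
 * is dereferenced on the following iteration and the process crashes. */
int sum_flawed(const struct node *head)
{
    int sum = 0;
    const struct node *cur = head;
    do {
        sum += cur->value;          /* faults here when cur == NULL */
        cur = cur->next;
    } while (cur != head);
    return sum;
}

/* Hardened walk: NULL ends the loop with an error instead of being read.
 * max_nodes is an extra guard (not from the article) against rings that
 * never return to head. Returns 0 and stores the sum, or -1 if corrupt. */
int sum_checked(const struct node *head, size_t max_nodes, int *out)
{
    int sum = 0;
    const struct node *cur = head;
    if (head == NULL || out == NULL) return -1;
    for (size_t i = 0; i < max_nodes; i++) {
        sum += cur->value;
        cur = cur->next;
        if (cur == NULL) return -1;             /* broken ring: stop */
        if (cur == head) { *out = sum; return 0; }
    }
    return -1;                                   /* bound exceeded */
}

/* Constructed sample: three nodes; broken != 0 severs the ring with NULL. */
int demo(int broken)
{
    struct node n[3] = { { &n[1], 1 }, { &n[2], 2 }, { &n[0], 3 } };
    int sum = 0;
    if (broken) n[1].next = NULL;
    return sum_checked(&n[0], 16, &sum) == 0 ? sum : -1;
}

int main(void) { printf("intact=%d broken=%d\n", demo(0), demo(1)); return 0; }
```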

    ACROS Security has now provided free, unofficial security patches for this Windows RasMan zero-day via its 0Patch micropatching service for all affected Windows versions until Microsoft releases an official fix. To install the micropatch on your device, you have to create an account and install the 0Patch agent. Once launched, the agent will automatically apply the micropatch without requiring a restart unless a custom patching policy blocks it.

    Microsoft was alerted about this issue and is expected to release an official patch for still-supported Windows versions in a future Windows update. However, ACROS Security has included these 0day patches in its free plan until the original vendor provides an official patch.

    In conclusion, the recent discovery of a new zero-day vulnerability in the RasMan service highlights the importance of staying up-to-date with security patches and the need for organizations to take proactive measures to protect themselves against potential threats. As ACROS Security has provided unofficial patches for this vulnerability, it is crucial for users to keep an eye on Microsoft's updates and apply these micropatches as soon as possible.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Windows-Zero-Day-Flaw-Exposed-A-Threat-to-Remote-Access-Connection-Manager-RasMan-Services-ehn.shtml

  • https://www.bleepingcomputer.com/news/microsoft/new-windows-rasman-zero-day-flaw-gets-free-unofficial-patches/

  • https://www.bleepingcomputer.com/news/security/new-windows-zero-day-leaks-ntlm-hashes-gets-unofficial-patch/

  • https://www.tomshardware.com/tech-industry/cyber-security/zero-day-windows-ntlm-hash-vulnerability-gets-patched-by-third-party-credentials-can-be-hijacked-by-merely-viewing-a-malicious-file-in-file-explorer

  • https://nvd.nist.gov/vuln/detail/CVE-2025-59230

  • https://www.cvedetails.com/cve/CVE-2025-59230/


  • Published: Fri Dec 12 05:37:33 2025 by llama3.2 3B Q4_K_M












