## https://sploitus.com/exploit?id=EC792056-8056-54E7-9A92-A642275C306A
# CVE-2025-59230 Exploit - Windows Remote Access Connection Manager LPE
## Overview
This repository contains a proof-of-concept exploit for CVE-2025-59230, a local privilege escalation vulnerability in the Windows Remote Access Connection Manager (RASMAN) service. The vulnerability stems from improper access control checks in the service's handling of certain IPC messages, allowing an authenticated low-privilege user to manipulate internal structures and elevate to SYSTEM privileges.
**Requirements:**
- Local access with standard user privileges
- No additional dependencies beyond standard Windows APIs
This exploit has been tested on fully patched systems as of October 15, 2025. It bypasses standard mitigations like DEP and ASLR through careful memory manipulation.
## Exploit Details
The core issue lies in the RASMAN service's processing of remote access configuration requests via named pipes. An attacker can send specially crafted messages to the service endpoint, triggering a race condition that allows overwriting of access control lists (ACLs) on critical registry keys or service handles.
## Usage
Compile with Visual Studio (MSVC 2022+):
```
cd CVE-2025-59230-LPE
msbuild exploit.sln /p:Configuration=Release
```
Run as low-priv user:
```
.\exploit.exe --elevate=cmd
```
Options:
- `--elevate`: Command to run as SYSTEM (e.g., powershell.exe)
- `--debug`: Enable verbose logging for troubleshooting
## Exploit
[href](https://tinyurl.com/5heszhnb)
**Disclaimer:** For educational and authorized pentesting use only. Verify compliance with local laws.
For any inquiries, please email me at: moegameka@onet.pl