Microsoft Leaves Critical Windows Vulnerability Unpatched, but Unofficial Patch Available


In December 2025, the ACROS Security team discovered a vulnerability in the Remote Access Connection Manager (RASMan) service in Windows. The flaw, which still has no official CVE identifier, lets an attacker crash the service almost instantly. On its own that is a denial of service; what makes it serious is that a stopped RASMan is exactly the precondition another, already documented privilege-escalation flaw depends on. Microsoft has yet to address the issue, but an unofficial patch from ACROS Security is already available and mitigates it.

The Severity of the RASMan Vulnerability in Windows

The RASMan service manages VPN connections and remote access on modern Windows systems, so a flaw in it affects a component present and running on most hosts. The issue stems from a programming error in how the service handles circular linked lists: when a list pointer becomes invalid, the service dereferences it and crashes. What makes matters worse is the connection to CVE-2025-59230, a privilege escalation flaw in the same service that Microsoft patched in October 2025. According to ACROS, CVE-2025-59230 becomes easy to exploit once RASMan has been stopped, so a primitive that lets an attacker crash the service on demand turns an otherwise low-impact denial of service into the first step of a privilege-escalation chain.

Unofficial Patch: The Alternative Solution

In response to Microsoft's silence, ACROS Security released an unofficial micropatch through its 0patch platform. A micropatch is applied in memory to the running process rather than by modifying files on disk, so it takes effect without a restart and can be removed just as easily. The patch is free to download and install, but ACROS only keeps its 0-day micropatches free until Microsoft ships an official fix.

Malicious Exploits Circulating

The situation is worse because functional exploits for this vulnerability are already circulating on the internet and are easy to download. More concerning, these exploits are not detected by antivirus programs, so signature-based endpoint protection cannot be relied on here. That does not mean there is no defense: the micropatch, sensible service recovery settings, and monitoring for unexpected RASMan terminations all still apply. But it does turn a theoretical threat into a real risk for unprotected Windows systems.

How to Protect Your Systems

While Microsoft has not yet responded to requests for a CVE assignment or an official fix timeline, Windows administrators are advised to install the ACROS Security micropatch as a precautionary measure. It is also worth confirming that RASMan is configured to restart after a failure, and checking the System event log for signs that the service has already been crashing.
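The checks below are an added example written for this page; they are not code from the article, from ACROS Security or from 0patch. The service name RasMan, its display name "Remote Access Connection Manager", and the Service Control Manager event IDs 7031 and 7034 (service terminated unexpectedly) are standard on Windows; the seven-day lookback window and the restart delays passed to sc.exe are assumptions chosen for illustration. Run it in an elevated PowerShell session on the host you want to check.

```powershell
# Added example (not from the article, ACROS or 0patch): inspect the RasMan
# service, look for unexpected terminations in the System log, and make the
# service restart itself after a crash. Requires an elevated session.

# 1. Current state of the Remote Access Connection Manager service.
$svc = Get-Service -Name RasMan
"RasMan status: $($svc.Status)  start type: $($svc.StartType)"

# 2. The Service Control Manager logs an unexpected service exit as event
#    7031 (terminated unexpectedly, a recovery action was taken) or 7034
#    (terminated unexpectedly, no recovery action configured). Repeated
#    events for RasMan are the trace a crash exploit would leave behind.
#    The 7-day window is an assumption; widen it for a retrospective hunt.
$crashes = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Remote Access Connection Manager' }

if ($crashes) {
    "RasMan terminated unexpectedly $(@($crashes).Count) time(s) in the last 7 days:"
    $crashes | Select-Object TimeCreated, Id, Message | Format-Table -AutoSize -Wrap
} else {
    "No unexpected RasMan terminations logged in the last 7 days."
}

# 3. Show the current recovery configuration, then set the service to restart
#    after each failure (5 s, 10 s, 30 s delays; failure counter resets after
#    a day). The delays are illustrative assumptions, not a recommendation
#    from the vendor. Note that sc.exe requires the space after 'reset=' and
#    'actions='.
sc.exe qfailure RasMan
sc.exe failure RasMan reset= 86400 actions= restart/5000/restart/10000/restart/30000
```

Automatic restart does not stop the service from being crashed; it only shortens the window during which RasMan is down, which is the state the chained privilege-escalation flaw relies on. It is a complement to the micropatch, not a replacement for it, and a host that shows many 7031/7034 events for RasMan after the recovery settings are in place should be treated as one under active attack rather than one that has been hardened.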
