CVE-2025-47955: 
vulnerability analysis and mitigation

CVE-2025-47955 is an elevation of privilege vulnerability affecting the Windows Remote Access Connection Manager, disclosed on June 10, 2025, as part of Microsoft's June 2025 Patch Tuesday updates. This security flaw allows an authorized attacker to elevate privileges locally on affected Windows systems (MSRC, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The vulnerability is classified under CWE-269 (Improper Privilege Management) (NVD).

If successfully exploited, this vulnerability allows an attacker with local access to elevate their privileges on the affected system. The high CVSS score indicates that successful exploitation could lead to complete compromise of confidentiality, integrity, and availability of the targeted system (Wiz).

Microsoft has released a security update to address this vulnerability as part of the June 2025 Patch Tuesday. Organizations and system administrators are advised to apply the security update promptly to mitigate the risk of exploitation (Wiz).