Vulnerability Details : CVE-2025-26633
Used for ransomware!
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
Products affected by CVE-2025-26633
- Microsoft » Windows 2003 ServerVersions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2003Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2003Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2003Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2003Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2003Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2003Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2003Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2003Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 6.0.6003.0 and before (<) 6.0.6003.23168cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 6.1.7601.0 and before (<) 6.1.7601.27618cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2008Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- Microsoft » Windows Server 2012Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 6.2.9200.0 and before (<) 6.2.9200.25368cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 6.3.9600.0 and before (<) 6.3.9600.22470cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2012Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- Microsoft » Windows Server 2016Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2016Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2016Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2016Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2016Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2016Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2016Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2016Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- Microsoft » Windows Server 2019Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2019Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2019Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2019Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2019Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2019Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2019Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2019Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022Versions from including (>=) 10.0.25398.0 and before (<) 10.0.25398.1486cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 21h2Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 21h2Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 21h2Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 21h2Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 21h2Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 22h2Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 22h2Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 22h2Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*
- Microsoft » Windows 11 22h2Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 22h2Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
- Microsoft » Windows 10 1607Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 1607Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 1607Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
- Microsoft » Windows 10 1809Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
- Microsoft » Windows 10 1809Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 1809Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
- Microsoft » Windows 10 21h2Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 21h2Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*
- Microsoft » Windows 10 21h2Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*
- Microsoft » Windows 10 21h2Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 21h2Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 21h2Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 21h2Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 21h2Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 22h2Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 22h2Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 22h2Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 22h2Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*
- Microsoft » Windows 10 22h2Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
- Microsoft » Windows 10 1507Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
- Microsoft » Windows 10 1507Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*
- Microsoft » Windows 10 1507Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
- Microsoft » Windows 11 23h2Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 23h2Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 23h2Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
- Microsoft » Windows 11 23h2Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 23h2Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022 23h2Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022 23h2Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022 23h2Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022 23h2Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*
- Microsoft » Windows Server 2022 23h2Versions from including (>=) 10.0.25398.0 and before (<) 10.0.25398.1486cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows Server 2022 23h2Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 24h2Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 24h2Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
- Microsoft » Windows 11 24h2Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*
- Microsoft » Windows 11 24h2Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
- Microsoft » Windows 11 24h2Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*
CVE-2025-26633 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
CISA required action:
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA description:
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
Notes:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633 ; https://nvd.nist.gov/vuln/detail/CVE-2025-26633
Added on
2025-03-11
Action due date
2025-04-01
Exploit prediction scoring system (EPSS) score for CVE-2025-26633
1.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2025-26633
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/... |
N/A
|
N/A
|
Microsoft Corporation | 2025-03-11 |
|
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
Microsoft Corporation | 2025-03-11 |
|
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/... |
N/A
|
N/A
|
MS-CVE-2025-26633 | 2025-03-11 |
CWE ids for CVE-2025-26633
-
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.Assigned by: secure@microsoft.com (Secondary)
References for CVE-2025-26633
-
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633
CVE-2025-26633 - Security Update Guide - Microsoft - Microsoft Management Console Security Feature Bypass VulnerabilityVendor Advisory
-
https://www.vicarius.io/vsociety/posts/cve-2025-26633-security-feature-bypass-in-microsoft-management-console-mitigation-script
Exploit;Third Party Advisory
-
https://www.vicarius.io/vsociety/posts/cve-2025-26633-security-feature-bypass-in-microsoft-management-console-detection-script
Exploit;Third Party Advisory
Jump to