CVE-2025-26633

HIGH CISA KEV EPSS 98.1%

Published Mar 11, 20251y ago · Modified Jun 17, 20261w ago

7.0 CVSS 3.1

High

Find Similar

Published Mar 11, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Mar 11, 2025 1y ago

KEV Due Apr 1, 2025 455d overdue

Description

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

CVSS Details

Base Score

7.0

Exploitability

1.0

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity High

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

CISA Known Exploited Overdue 455d

Added: Mar 11, 2025
Due: Apr 1, 2025

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability

98.1% percentile

Exploit & Patch Status

Actively Exploited (KEV)

No Patch Available

Weaknesses 1

CWE-707

Affected Products 28

Vendor	Product	Version	Range
microsoft	windows_10_1507	*	<10.0.10240.20947
microsoft	windows_10_1507	*	<10.0.10240.20947
microsoft	windows_10_1607	*	<10.0.14393.7876
microsoft	windows_10_1607	*	<10.0.14393.7876
microsoft	windows_10_1809	*	<10.0.17763.7009
microsoft	windows_10_1809	*	<10.0.17763.7009
microsoft	windows_10_21h2	*	<10.0.19044.5608
microsoft	windows_10_21h2	*	<10.0.19044.5608
microsoft	windows_10_21h2	*	<10.0.19044.5608
microsoft	windows_10_22h2	*	<10.0.19045.5608
microsoft	windows_10_22h2	*	<10.0.19045.5608
microsoft	windows_10_22h2	*	<10.0.19045.5608
microsoft	windows_11_22h2	*	<10.0.22621.5039
microsoft	windows_11_22h2	*	<10.0.22621.5039
microsoft	windows_11_23h2	*	<10.0.22631.5039
microsoft	windows_11_23h2	*	<10.0.22631.5039
microsoft	windows_11_24h2	*	<10.0.26100.3403
microsoft	windows_11_24h2	*	<10.0.26100.3403
microsoft	windows_server_2008	*	any
microsoft	windows_server_2008	*	any
microsoft	windows_server_2008	r2	any
microsoft	windows_server_2012	*	any
microsoft	windows_server_2012	r2	any
microsoft	windows_server_2016	*	<10.0.14393.7876
microsoft	windows_server_2019	*	<10.0.17763.7009
microsoft	windows_server_2022	*	<10.0.20348.3270
microsoft	windows_server_2022_23h2	*	<10.0.25398.1486
microsoft	windows_server_2025	*	<10.0.26100.3403

References 4

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633

Vendor Advisory
cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26633

US Government Resource
vicarius.io https://www.vicarius.io/vsociety/posts/cve-2025-26633-security-feature-bypass-in-microsoft-management-console-detection-script

ExploitThird Party Advisory
vicarius.io https://www.vicarius.io/vsociety/posts/cve-2025-26633-security-feature-bypass-in-microsoft-management-console-mitigation-script

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.