What is the CVSS score of CVE-2025-26633?

CVE-2025-26633 has a CVSS 3.1 base score of 7.0 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 7.1%.

Which versions of Microsoft are affected by CVE-2025-26633?

Organizations using Improper neutralization in Microsoft Management Console face moderate risk from CVE-2025-26633 rated CVSS 7.0. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2025-26633?

Yes, a public proof-of-concept exploit is available for CVE-2025-26633. Prioritise patching immediately. EPSS: 7.1%.

How to fix or mitigate CVE-2025-26633?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Microsoft CVE-2025-26633

HIGH

Improper Neutralization (CWE-707)

2025-03-11 secure@microsoft.com

Authentication Bypass Microsoft

7.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:52 vuln.today

Added to CISA KEV

Oct 27, 2025 - 17:13 cisa

CISA KEV

PoC Detected

Oct 27, 2025 - 17:13 vuln.today

Public exploit code

CVE Published

Mar 11, 2025 - 17:16 nvd

HIGH 7.0

DescriptionNVD

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

AnalysisAI

A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. Public PoC is available and EPSS is 7.1%.

Technical ContextAI

MMC is a built-in Windows framework for managing system snap-ins (.msc files). The vulnerability allows attackers to craft malicious .msc files that bypass the trust validation and warning mechanisms normally preventing execution of untrusted snap-ins. This is particularly effective because .msc files are commonly used by administrators and are often trusted by security tools. The Water Gamayun/EncryptHub group has been observed chaining this with social engineering.

Affected ProductsAI

Microsoft Windows 10 (all versions) Microsoft Windows 11 Microsoft Windows Server 2016/2019/2022

RemediationAI

Apply Microsoft security update immediately. Block .msc file attachments at email gateways. Educate users about risks of opening .msc files from untrusted sources. Monitor for suspicious MMC execution patterns. Consider ASR (Attack Surface Reduction) rules to restrict .msc execution.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

7.5 May 28

{filename} endpoint. The flawed traversal filter only rejects forward slashes and '..' sequences, leaving absolute Windo

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2025-26633 vulnerability details – vuln.today

Back

Microsoft CVE-2025-26633

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code