What is the CVSS score of CVE-2026-25166?

CVE-2026-25166 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of Windows are affected by CVE-2026-25166?

Windows System Image Manager contains a critical code execution vulnerability that could allow authorized users to compromise systems through malicious file deserialization.. A patch is available.

Windows CVE-2026-25166

HIGH

Deserialization of Untrusted Data (CWE-502)

2026-03-10 secure@microsoft.com

Windows Deserialization Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 23h2 Windows 11 24h2 Windows 11 25h2 Windows 11 26h1 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 10, 2026 - 18:18 nvd

HIGH 7.8

DescriptionNVD

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.

AnalysisAI

Local code execution in Windows System Image Manager (Windows 11 23h2, Windows Server 2019/2022) through unsafe deserialization of untrusted data. An authenticated local attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. …

RemediationAI

Within 24 hours: Identify all systems running Windows System Image Manager and document authorized users with access. Within 7 days: Implement network segmentation to restrict System Image Manager communications, disable the tool if not actively required, and enforce principle of least privilege on user accounts with access permissions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

8.2 May 28

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows pat

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2026-25166 vulnerability details – vuln.today

Back

Windows CVE-2026-25166

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code