⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.. Due date: 2025-04-01.

CVE-2025-26633Improper Neutralization in Microsoft Windows 10 Version 1507

CWE-707Improper Neutralization35 documents18 sources
Severity
7.0HIGHNVD
EPSS
19.6%
top 4.58%
CISA KEV
KEVRansomware
Added 2025-03-11
Due 2025-04-01
Exploit
PoC available
Public exploit / PoC exists
Affected products
27
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+24 more
Timeline
PublishedMar 11
KEV addedMar 11
KEV dueApr 1
Latest updateApr 8
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages26 packages

NVDmicrosoft/windows< 10.0.14393.7876+5
NVDmicrosoft/windows_10_1507< 10.0.10240.20947
NVDmicrosoft/windows_10_1607< 10.0.14393.7876
NVDmicrosoft/windows_10_1809< 10.0.17763.7009
NVDmicrosoft/windows_10_21h2< 10.0.19044.5608

🔴Vulnerability Details

3
GHSA
GHSA-8xfh-434c-qfv7: Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally2025-03-11
CVEList
Microsoft Management Console Security Feature Bypass Vulnerability2025-03-11
VulnCheck
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability2025

💥Exploits & PoCs

1
Exploit-DB
Microsoft MMC MSC EvilTwin - Local Admin Creation2026-04-08

📋Vendor Advisories

2
CISA
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability2025-03-11
Microsoft
Microsoft Management Console Security Feature Bypass Vulnerability2025-03-11

🕵️Threat Intelligence

27
Greynoiseio
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates2026-02-02
Tenable
Patch Tuesday 2025 Year In Review2025-12-10
Zscaler
In-Depth Analysis: Water Gamayun APT Multi-Stage Attack Uncovered2025-11-25
Bleepingcomputer
EncryptHub&#039;s dual life: Cybercriminal vs Windows bug-bounty researcher2025-04-07
Trendmicro
Water Gamayun missbraucht Zero Day-Lücke in MMC2025-04-01

📄Research Papers

1
arXiv
CyberThreat-Eval: Can Large Language Models Automate Real-World Threat Research?2026-03-10
CVE-2025-26633 — Improper Neutralization in Microsoft | cvebase