Security Feature Bypass in Microsoft Management Console
CVE-2025-26633
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 11 March 2025
Badges
What is CVE-2025-26633?
CVE-2025-26633 is a vulnerability identified in the Microsoft Management Console (MMC), which is a key framework used for managing various components of the Windows operating system and applications. This vulnerability allows unauthorized individuals to bypass critical security features locally. As a result, organizations leveraging MMC for system administration might face severe security risks, including potential unauthorized access to sensitive data and management functionalities within their systems.
Technical Details
The nature of CVE-2025-26633 involves improper neutralization, which enables attackers to exploit weaknesses in the way that security features are enforced within the Microsoft Management Console. This flaw creates avenues for attackers to gain elevated access without proper authorization, circumventing established security protocols. Such technical intricacies could allow for further exploitation of the underlying system if left unaddressed.
Potential Impact of CVE-2025-26633
-
Unauthorized Access: The primary risk is that attackers can gain unauthorized control over the MMC, allowing them to manipulate system settings and resources without detection.
-
Data Breaches: By bypassing security measures, attackers could access sensitive information, leading to potential data leaks and breaches that may have regulatory and legal implications.
-
System Compromise: Exploitation of this vulnerability could lead to broader system compromises, enabling attackers to deploy malware, conduct further attacks, or disrupt normal operations, thereby affecting business continuity.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20947
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7876
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7009
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
The Hacker NewsCVE-2025-26633Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Water Gamayun exploited CVE-2025-26633 to deploy SilentPrism, DarkWisp, and stealers with persistence.
6 hours ago
A Deep Dive into Water Gamayun's Arsenal and Infrastructure
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.
4 days ago
The Hacker NewsCVE-2025-26633EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
5 days ago
References
CVSS V3.1
Timeline
- π
Vulnerability started trending
- π°
Used in Ransomware
- π°
First article discovered by Trend Micro
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved