CVE-2025-26633

HIGH7.0

CISA KEVRansomware

Description

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Changed

Affected products

Microsoft / Windows 10 Version 150710.0.10240.0 – 10.0.10240.20947
Microsoft / Windows 10 Version 160710.0.14393.0 – 10.0.14393.7876
Microsoft / Windows 10 Version 180910.0.17763.0 – 10.0.17763.7009
Microsoft / Windows 10 Version 21H210.0.19044.0 – 10.0.19044.5608
Microsoft / Windows 10 Version 22H210.0.19045.0 – 10.0.19045.5608
Microsoft / Windows 11 version 22H210.0.22621.0 – 10.0.22621.5039
Microsoft / Windows 11 version 22H310.0.22631.0 – 10.0.22631.5039
Microsoft / Windows 11 version 23H210.0.22631.0 – 10.0.22631.5039
Microsoft / Windows 11 Version 24H210.0.26100.0 – 10.0.26100.3476
Microsoft / Windows Server 2008 R2 Service Pack 16.1.7601.0 – 6.1.7601.27618
Microsoft / Windows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 – 6.1.7601.27618
Microsoft / Windows Server 2008 Service Pack 26.0.6003.0 – 6.0.6003.23168
Microsoft / Windows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 – 6.0.6003.23168
Microsoft / Windows Server 20126.2.9200.0 – 6.2.9200.25368
Microsoft / Windows Server 2012 R26.3.9600.0 – 6.3.9600.22470
Microsoft / Windows Server 2012 R2 (Server Core installation)6.3.9600.0 – 6.3.9600.22470
Microsoft / Windows Server 2012 (Server Core installation)6.2.9200.0 – 6.2.9200.25368
Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.7876
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.7876
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.7009
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.7009
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.3328
Microsoft / Windows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 – 10.0.25398.1486
Microsoft / Windows Server 202510.0.26100.0 – 10.0.26100.3476
Microsoft / Windows Server 2025 (Server Core installation)10.0.26100.0 – 10.0.26100.3476

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633