🟢 CVE-2025-26633

This is a local security feature bypass vulnerability in Microsoft Management Console (MMC) that allows attackers to bypass security features locally. The vulnerability requires local access and user interaction, making it unsuitable for direct internet exploitation.

← Back to Overview
LOW_RISK
Risk Level
7.0
CVSS Score
LOCAL
Attack Vector
Privilege Escalation
ATT&CK Tactic
T1068 — Exploitation for Privilege Escalation
ATT&CK Technique
VERY_LOW
Deployment Risk
Yes (+450d)
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-03-11

Added to CISA KEV: 2025-03-11 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-26633 is a security feature bypass vulnerability affecting the Microsoft Management Console (MMC) [3]. It was addressed by Microsoft as part of the March 2025 Patch Tuesday updates [1].

Vulnerability Overview
  • Nature of Vulnerability: Improper neutralization of input in the Microsoft Management Console (MMC) [3].
  • Technical Root Cause: The vulnerability stems from how MMC (`.msc`) files are handled, which allows an attacker to evade file reputation protections [2].
  • CVSS Score: 7.0 (High) [2].
Exploitation and Impact
  • Exploitation Requirements:
* Access Level: Requires local access to the target system [3]. * User Interaction: While specific details on the necessity of user interaction are not always explicitly detailed in every advisory, the nature of bypassing file reputation protections typically implies that a user must be induced to open a malicious `.msc` file.
  • Impact: Successful exploitation allows an attacker to bypass security features and execute code in the context of the current user [2]. This can potentially lead to privilege escalation, data theft, or further system compromise [5] [4].
Threat Landscape
  • Active Exploitation: While the March 2025 Patch Tuesday release included several vulnerabilities that were actively exploited in the wild, reports generally categorize CVE-2025-26633 as a security feature bypass that Microsoft addressed, and it is frequently listed alongside other critical vulnerabilities patched at that time [1].
  • Ransomware/Targeted Attacks: There is no specific, widely publicized evidence linking this CVE exclusively to a single major ransomware campaign or targeted APT group in the available documentation; however, its ability to bypass security protections makes it a valuable primitive for attackers in various stages of an attack chain.
Mitigation and Patch Status
  • Patch Status: Microsoft released a patch for this vulnerability in the March 2025 security updates [4].
  • Recommendation: Organizations are strongly advised to apply the relevant security updates provided by Microsoft to mitigate the risk of exploitation [4].

Sources

  1. CVE-2025-26633 | Tenable

    Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild. References. Advisories. Exploits. Tenable Blogs.https://www.crn.com/news/security/2025/microsoft-discloses-extraordinary-number-of-actively-exploited-vulnerabilities-researcher. ... Microsoft’…

  2. URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively...

    CVE-2025-26633 (CVSS score: 7.0) - An improper neutralization vulnerability in Microsoft Management Console that allows an unauthorized attacker to bypass a security feature locally.The Zero Day Initiative noted that CVE-2025-26633 stems from how MSC files are handled, allowing an attacker to evade…

  3. CVE-2025-26633 Detail - NVD

    Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. ... Information Technology Laboratory National Vulnerability Database Vulnerabilities ... Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further g…

  4. CVE-2025-26633 Description, Impact and Technical Details

    CVE-2025-26633 is a vulnerability affecting Microsoft Management Console (MMC). An attacker can exploit this improper neutralization issue to bypass security features locally, gaining unauthorized access. This vulnerability may lead to potential data theft or system compromise if an adversary succes…

  5. CVE-2025-26633 - Exploits & Severity - Feedly

    Threat Intelligence Report CVE-2025-26633 is a critical vulnerability in the Microsoft Management Console (MMC) that allows attackers with local access to bypass a key security feature due to improper input sanitization, potentially leading to privilege escalation. While the specific CVSS score and…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed