Mar 2025: Microsoft Management Console Security Feature Bypass Vulnerability
CVE-2025-26633 Published on March 11, 2025
Microsoft Management Console Security Feature Bypass Vulnerability
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
Known Exploited Vulnerability
This Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to execute code over a network.
The following remediation steps are recommended / required by April 1, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
Improper Neutralization
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Products Associated with CVE-2025-26633
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Windows 10 Version 1507:- Version 10.0.10240.0 and below 10.0.10240.20947 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7876 is affected.
- Version 10.0.17763.0 and below 10.0.17763.7009 is affected.
- Version 10.0.19044.0 and below 10.0.19044.5608 is affected.
- Version 10.0.19045.0 and below 10.0.19045.5608 is affected.
- Version 10.0.22621.0 and below 10.0.22621.5039 is affected.
- Version 10.0.22631.0 and below 10.0.22631.5039 is affected.
- Version 10.0.22631.0 and below 10.0.22631.5039 is affected.
- Version 10.0.26100.0 and below 10.0.26100.3476 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27618 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27618 is affected.
- Version 6.0.6003.0 and below 6.0.6003.23168 is affected.
- Version 6.0.6003.0 and below 6.0.6003.23168 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25368 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25368 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22470 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22470 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7876 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7876 is affected.
- Version 10.0.17763.0 and below 10.0.17763.7009 is affected.
- Version 10.0.17763.0 and below 10.0.17763.7009 is affected.
- Version 10.0.20348.0 and below 10.0.20348.3328 is affected.
- Version 10.0.25398.0 and below 10.0.25398.1486 is affected.
- Version 10.0.26100.0 and below 10.0.26100.3476 is affected.
- Version 10.0.26100.0 and below 10.0.26100.3476 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.