CVE-2025-26633 vulnerability in Microsoft Products
Published on March 11, 2025

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Vendor Advisory NVD

Known Exploited Vulnerability

This Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to execute code over a network.

The following remediation steps are recommended / required by April 1, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

Products Associated with CVE-2025-26633

You can be notified by stack.watch whenever vulnerabilities like CVE-2025-26633 are published in these products:

Microsoft Windows Server 2008

Microsoft Windows Server 2012

Microsoft Windows Server 2016

Microsoft Windows Server 2019

Microsoft Windows Server 2022 23h2

Microsoft Windows Server 2025

Microsoft Windows 10 1507

Microsoft Windows 10

Microsoft Windows 11

Microsoft Windows 11 23h2

Microsoft Windows 11 24h2

Microsoft Windows Server 2022

What versions are vulnerable to CVE-2025-26633?

Microsoft Windows Server 2008 Version r2 sp1 x64
Microsoft Windows Server 2012 Version r2
Microsoft Windows Server 2016 Version -
Microsoft Windows Server 2012 Version -
Microsoft Windows Server 2008 Version - sp2 x64
Microsoft Windows Server 2019 Version -
Microsoft Windows Server 2008 Version - sp2 x86
Microsoft Windows Server 2022 23h2 Fixed in Version 10.0.25398.1486 x64
Microsoft Windows Server 2025 Fixed in Version 10.0.26100.3403 x64
Microsoft Windows 10 1607 Fixed in Version 10.0.14393.7876 x64
Microsoft Windows 10 1607 Fixed in Version 10.0.14393.7876 x86
Microsoft Windows 10 1809 Fixed in Version 10.0.17763.7009 x64
Microsoft Windows 10 1809 Fixed in Version 10.0.17763.7009 x86
Microsoft Windows 10 21h2 Fixed in Version 10.0.19044.5608 arm64
Microsoft Windows 10 21h2 Fixed in Version 10.0.19044.5608 x64
Microsoft Windows 10 21h2 Fixed in Version 10.0.19044.5608 x86
Microsoft Windows 10 1507 Fixed in Version 10.0.10240.20947 x64
Microsoft Windows 10 1507 Fixed in Version 10.0.10240.20947 x86
Microsoft Windows 10 22h2 Fixed in Version 10.0.19045.5608 arm64
Microsoft Windows 10 22h2 Fixed in Version 10.0.19045.5608 x64
Microsoft Windows 10 22h2 Fixed in Version 10.0.19045.5608 x86
Microsoft Windows 11 22h2 Fixed in Version 10.0.22621.5039 arm64
Microsoft Windows 11 22h2 Fixed in Version 10.0.22621.5039 x64
Microsoft Windows 11 23h2 Fixed in Version 10.0.22631.5039 arm64
Microsoft Windows 11 23h2 Fixed in Version 10.0.22631.5039 x64
Microsoft Windows 11 24h2 Fixed in Version 10.0.26100.3403 arm64
Microsoft Windows 11 24h2 Fixed in Version 10.0.26100.3403 x64
Microsoft Windows Server 2022 Fixed in Version 10.0.20348.3270

CVE-2025-26633 vulnerability in Microsoft ProductsPublished on March 11, 2025

Known Exploited Vulnerability

Vulnerability Analysis

Products Associated with CVE-2025-26633

What versions are vulnerable to CVE-2025-26633?

CVE-2025-26633 vulnerability in Microsoft Products
Published on March 11, 2025