← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-26633 — Actively Exploited: Windows (Microsoft)

Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.

CVE IDCVE-2025-26633
VendorMicrosoft
ProductWindows
Vulnerability nameMicrosoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Date added2025-03-11
Remediation due2025-04-01
Known ransomware useKnown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionMicrosoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →