Exposures › CVE-2025-26633

CVE-2025-26633

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-03-11
Reference
⌖ exploited in the wild shame 78/100 ransomwareexploited-in-wildunpatched

An unpatched MMC vulnerability in Windows allows local attackers to bypass security features, and it is actively exploited in the wild.

Microsoft's Windows Management Console (MMC) contains an improper neutralization vulnerability that lets unauthorized attackers bypass local security controls. Because it is in CISA's KEV catalog and ransomware-linked, DIB organizations must ensure this is patched immediately to prevent local privilege escalation and lateral movement. Failure to patch exposes systems to active exploitation, violating CMMC/NIST 800-171 requirements for timely patching and increasing the risk of ransomware compromise.

Shame score — The vulnerability is actively exploited in the wild, linked to ransomware, and remains unpatched in the KEV catalog, indicating severe negligence and avoidable risk.

Players implicated

Description

Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90