VDB
CVE-2025-26633
CVE-2025-26633
PUBLISHED
KEV
Windows ist ein Betriebssystem von Microsoft. Windows Server 2016 ist ein Betriebssystem von Microsoft. Windows Server 2019 ist ein Betriebssystem von Microsoft.
EPSS 46.59% · 97.7th percentile
Risk Scores
EPSS Score
46.59%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Windows Server 2012 R2 <6.3.9600.22470 | |
| Microsoft | Microsoft Windows Server 2022 <10.0.20348.3270 | |
| Microsoft | Microsoft Windows Server 2016 <10.0.14393.7876 | |
| Microsoft | Microsoft Windows Server 2019 <10.0.17763.7009 | |
| Hitachi | Hitachi Virtual Storage Platform | |
| Microsoft | Microsoft Windows 10 <10.0.10240.20947 | |
| Microsoft | Microsoft Windows Server 2012 <6.2.9200.25368 |
Exploit Intelligence
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
- CVE-2025-26633 (CVSS 7.8) – Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2025. Authorized testing only. (github-poc)
…and 69 more exploits
Timeline
- Mar 11, 2025 CISA KEV Added
- Mar 11, 2025 PoC Published
- Mar 11, 2025 CVE Published
- Mar 12, 2025 EPSS Score
- Mar 17, 2025 Coalition ESS Score
- Mar 19, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Apr 1, 2025 EPSS Score
- Apr 20, 2025 EPSS Score
- Apr 21, 2025 PoC Published
- May 13, 2025 PoC Published
- May 15, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0537.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0537 advisory
- https://msrc.microsoft.com/update-guide/ advisory
- https://github.com/0x6rss/CVE-2025-24071_PoC exploit
- https://www.hitachi.com/products/it/storage-solutions/sec_info/2025/04.html advisory