AI description
CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC). It stems from improper neutralization within the MMC, allowing an unauthorized attacker to bypass security restrictions locally. The vulnerability is being actively exploited in the wild by a threat actor known as Water Gamayun (also known as EncryptHub and Larva-208) in a campaign called "MSC EvilTwin". This technique involves the execution of malicious .msc files through a legitimate one by manipulating the Multilingual User Interface Path (MUIPath) to load and execute a malicious file instead of the original one.
- Description
- Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
- Exploit added on
- Mar 11, 2025
- Exploit action due
- Apr 1, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-707
- nvd@nist.gov
- NVD-CWE-noinfo
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Actively exploited CVE : CVE-2025-26633
@transilienceai
18 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
17 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
15 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Research uncovers Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 #zeroday #vulnerability to execute malicious code and exfiltrate data from compromised systems. https://t.co/hEIZZSGZ0Z
@TrendMicro
15 Apr 2025
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
14 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
13 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
12 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Russian APT just exploited CVE-2025-26633 using a signed Windows MSC attack. Wild stuff. I broke it down + shared why penetration testing is more important than ever in today’s threat landscape. Read the blog 👇 #CyberSecurity #CVE202526633 #infosec
@FennefLabs
12 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
12 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian hackers exploit CVE-2025-26633 (MSC EvilTwin) to deploy SilentPrism & DarkWisp malware, stealing data with persistent backdoors. Stay vigilant & patch now! #Cybersecurity #ThreatIntel 👇 https://t.co/UmxzxsL5t7
@_F2po_
12 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
11 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
We uncovered Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 0-day #vulnerability to execute malicious code and exfiltrate data from compromised systems. Here’s what you need to know: https://t.co/rtYGSBFNn3 https://t.c
@TrendMicro
11 Apr 2025
436 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. #malware Read More: https://t.co/KS8DG3BWEQ http
@pinakinit1
11 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
11 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Water Gamayun’s campaign can lead to data breaches and financial loss. Discover how this Russian threat actor exploits a #zeroday #vulnerability in Microsoft Management Console (CVE-2025-26633) and what you can do to stay safe: ⬇️ https://t.co/Dmyt56AOM6
@TrendMicroRSRCH
11 Apr 2025
353 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
Trend Research uncovers Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 #zeroday #vulnerability to execute malicious code and exfiltrate data from compromised systems. Learn more here: ⬇️ https://t.co/25Srz2IHDN https:/
@TrendMicroRSRCH
10 Apr 2025
431 Impressions
3 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
10 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp The threat actors behin 𝗗𝗼𝗻'𝘁 𝗺𝗶𝘀𝘀 𝗼𝘂𝘁 𝗼𝗻 𝗼𝘂𝗿 𝘁𝘄𝗲𝗲𝘁𝘀. 𝗙𝗼𝗹𝗹𝗼𝘄 𝘁𝗼𝗱𝗮𝘆! @thehackersnews @edgeitech @edgetechnologysolutions @technology https://t.co/XBtpeTlpLi
@Edgeitech
10 Apr 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Zero Day Initiative™ (ZDI) reveals Russian threat actor Water Gamayun exploiting a #zeroday #vulnerability (CVE-2025-26633) in Microsoft Management Console. This exploit (MSC EvilTwin) can execute malicious code and exfiltrate data. Read more: ⬇️https://t.co/Dmyt56AOM6 h
@TrendMicroRSRCH
10 Apr 2025
93 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Russian Threat Actors Exploit CVE-2025-26633 in Linux Kernel 🇷🇺 https://t.co/9mv2YUFqYm APT28 is exploiting a Linux kernel flaw (CVE-2025-26633) to escalate privileges and deploy remote access tools in targeted attacks. Patch Linux systems immediately and restrict local use
@Huntio
8 Apr 2025
2409 Impressions
27 Retweets
51 Likes
16 Bookmarks
1 Reply
0 Quotes
この内 CVE-2025-24983、CVE-2025-24984、CVE-2025-24985、CVE-2025-24991、CVE-2025-24993、CVE-2025-26633 の脆弱性について、Microsoft 社では悪用の事実を確認済みと公表しており、今後被害が拡大するおそれがあるため、至急、更新プログラムを適用してください。
@quickshield_jp
7 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
6 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Zero Day Initiative™ (ZDI) reveals Russian threat actor Water Gamayun exploiting a #zeroday #vulnerability (CVE-2025-26633) in Microsoft Management Console. This exploit (MSC EvilTwin) can execute malicious code and exfiltrate data. Read more: https://t.co/Dmyt56AOM6 htt
@TrendMicroRSRCH
6 Apr 2025
507 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
6 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
👀 Microsoft Credits EncryptHub — the Hacker Behind 618+ Breaches — for Disclosing Windows Flaws. 👀 In March 2025, EncryptHub reported 2 critical bugs (CVE-2025-24061 & CVE-2025-24071). Weeks later, he exploited a zero-day (CVE-2025-26633), hitting hundreds of targets usin
@TheHackersNews
5 Apr 2025
13527 Impressions
35 Retweets
80 Likes
15 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
5 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
4 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
4 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 A Russian group, Water Gamayun, is abusing a Windows zero-day (CVE-2025-26633) to drop two chilling backdoors: SilentPrism & DarkWisp. They’re hiding in plain sight using signed .msi files posing as legit apps like DingTalk & VooV to hijack systems. 👀 Targets? Your
@achi_tech
3 Apr 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
3 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
2 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[1day1line] CVE-2025-26633: RCE Vulnerability via MUIPath Path in Microsoft Management Console (MMC) The vulnerability was caused by running a .msc file with the same name as the original .msc file in the MUIPath folder without integrity verification. https://t.co/IzlmeaxxrT
@hackyboiz
2 Apr 2025
226 Impressions
1 Retweet
7 Likes
0 Bookmarks
0 Replies
0 Quotes
New Russian Cyberattack Alert Hackers exploit CVE-2025-26633 with MSC EvilTwin, deploying SilentPrism & DarkWisp backdoors. They’re stealing credentials & evading detection. Stay secure! 🔐🔥 https://t.co/5W7Evzwxnk #CyberSecurity #APT #ThreatIntel https://t.co/4nK7
@dCypherIO
2 Apr 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
If you're a windows user, make sure you've updated. CVE-2025-26633, described by Microsoft as an improper neutralization vulnerability in Microsoft Management Console (MMC) that could allow an attacker to bypass a security feature locally. https://t.co/R3nL6FwhIJ
@StealthXploit
1 Apr 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian Hackers Exploit #CVE-2025-26633 via #MSC EvilTwin to Deploy SilentPrism and #DarkWisp https://t.co/ZsAS0LyfiB
@ScyScan
1 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
1 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp https://t.co/VrzBpbZOto via @TheHackersNews
@YouAllWant2know
1 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp https://t.co/2o4qDe7hof https://t.co/RaE8zJy48o
@RigneySec
1 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp Read More-https://t.co/NYzfFIwYH4 #Hackers https://t.co/cGOrs3e4R5
@techpio_team
1 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025年に発見されたWindowsのゼロデイ脆弱性(CVE-2025-26633)を悪用し、ロシア系とされる攻撃グループ「Water Gamayun」(別名EncryptHubやLARVA-208)が、新たに「SilentPrism」と「DarkWisp」という2種類のバックドアを配布していることが判明した。
@yousukezan
1 Apr 2025
22 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログで、WindowsのMicrosoft Management Console (MMC)における脆弱性CVE-2025-26633のランサムウェアによる悪用が確認済みに更新。 https://t.co/UOQ6WIgwr5
@__kokumoto
31 Mar 2025
829 Impressions
0 Retweets
6 Likes
0 Bookmarks
1 Reply
0 Quotes
ロシアのハッカー集団がCVE-2025-26633を悪用し、バックドア「SilentPrism」と「DarkWisp」を展開。 「MSC EvilTwin」手法でMMCの脆弱性を突き、情報窃取や持続的攻撃を実行。 https://t.co/CePOgrnwCL
@01ra66it
31 Mar 2025
1388 Impressions
2 Retweets
18 Likes
10 Bookmarks
0 Replies
0 Quotes
🚨 Water Gamayun hackers exploit Windows vulnerability CVE-2025-26633 to deploy SilentPrism and DarkWisp. Malicious packages enable stealthy data theft and remote control. Stay vigilant! 🇷🇺 #RussianHackers #DataExfiltration link: https://t.co/hNjGYEJ39l https://t.co/AJTa5Yo3mB
@TweetThreatNews
31 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Water Gamayun exploiting Windows 0-day (CVE-2025-26633)! 🚨 ⚠️ Dropping SilentPrism & DarkWisp via fake signed apps (DingTalk, VooV). 🎯 Stealing: Data, credentials, crypto wallets. 🛠 TTPs: LOTL, PowerShell implants, fake WinRAR sites. Stay alert! #APT #ThreatIntel https
@krishna75800113
31 Mar 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A Russian threat group, identified as Water Gamayun, is actively exploiting a zero-day vulnerability in the Microsoft Management Console (MMC) framework, tracked as CVE-2025-26633 (aka MSC EvilTwin), to deploy two potent backdoors: SilentPrism and DarkWisp. This campaign https://
@cytexsmb
31 Mar 2025
184 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
1 Quote
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp https://t.co/qWaEwMtc2v https://t.co/scxK4qMNuM
@talentxfactor
31 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp https://t.co/0KF0b6eKJU https://t.co/FdmRgcO78J
@TonyBeeTweets
31 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp https://t.co/yAOYglHhdL
@cyberetweet
31 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp https://t.co/3AbQ7XqzwX
@buzz_sec
31 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp #CyberSecurity #CyberAttack #Russia https://t.co/PClMDQ8dnh
@POC__S_
31 Mar 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "CE542697-31D8-4EC2-8135-F0468431FD19",
"versionEndExcluding": "10.0.26100.3403"
}
],
"operator": "OR"
}
]
}
]