AI description
CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC). It stems from improper neutralization within the MMC, allowing an unauthorized attacker to bypass security restrictions locally. The vulnerability is being actively exploited in the wild by a threat actor known as Water Gamayun (also known as EncryptHub and Larva-208) in a campaign called "MSC EvilTwin". This technique involves the execution of malicious .msc files through a legitimate one by manipulating the Multilingual User Interface Path (MUIPath) to load and execute a malicious file instead of the original one.
- Description
- Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
- Source
- secure@microsoft.com
- NVD status
- Modified
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
- Exploit added on
- Mar 11, 2025
- Exploit action due
- Apr 1, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-707
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/Bwkh0DbnlN https://t.co/XWLeyoRrbs
@ErcanSah1n
2 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/TzDCdQEE3k https://t.co/Fy8n6cDxdo
@mayurk21
28 Aug 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
28 Aug 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
تم رصد استغلال للثغرة CVE-2025-26633 في أنظمة Windows حيث يقوم المهاجمون بانتحال صفة موظفي الدعم الفني عبر Microsoft Teams ثم خداع الضحايا بملفات MSC مزيفة تُستخدم لنشر برم
@jxccr07
23 Aug 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/fJq3RFjul2 https://t.co/Yp28VD4K4P
@CloudVirtues
21 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/fIhpfDHh95 https://t.co/O6bdrN0sCa
@SirajD_Official
21 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/NbLZiciQ6R https://t.co/8wcnMYFqcJ
@scandaletti
20 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ThreatProtection #EncryptHub attackers exploit MMC #CVE-2025-26633 #vulnerability for payload delivery. Read more: https://t.co/fps5fQ6iDb #Cybercrime #Cybersecurity
@threatintel
20 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian threat actor EncryptHub exploits patched Windows vuln CVE-2025-26633 through social engineering and malicious MSC files to deploy Fickle Stealer malware and backdoors. They use fake IT support requests and compromised Brave Support. #cybersecurity
@bigmacd16684
18 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub is exploiting CVE-2025-26633 using fake video platforms and Brave Support to deliver malware. Payloads use AES-encrypted PowerShell, sideloaded DLLs, and SOCKS5 tunneling to evade detection. Monitor PowerShell activity and review trusted platform access. #Cyber http
@CloneSystemsInc
18 Aug 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub leverages social engineering calls, Microsoft Teams remote access, and CVE-2025-26633 to deploy malicious .msc files and payloads like Fickle Stealer using Golang tools and Brave Support. #MSCExploitation #BraveSupport #EncryptHub https://t.co/qOHa7TepaP
@TweetThreatNews
18 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cybersecurity Alert Russian group EncryptHub exploits MSC EvilTwin (CVE-2025-26633) to deploy Fickle Stealer via social engineering & rogue MSC files. 🔗 https://t.co/ck8Tv6o4op #CyberSecurity #Malware #ThreatIntel #MSP #TechPIO https://t.co/RvAXSi76OA
@techpio_team
18 Aug 2025
53 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-32778 2 - CVE-2025-8875 3 - CVE-2025-8088 4 - CVE-2025-52970 5 - CVE-2025-26633 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2010-5139 2 - CVE-2025-53783 3 - CVE-2025-26633 4 - CVE-2025-31324 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 Aug 2025
143 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber Alert: Hackers found a Windows bug (CVE-2025-26633). They act like IT staff on Microsoft Teams and send fake files (MSC) that install malware. ⚠️ The hackers are a Russian group called EncryptHub. 👉 Don’t open unknown files or trust random IT messages on Teams! h
@techawarenepal
17 Aug 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Nation-state APT UAT-7237 breaches Taiwanese web servers with persistent methods. ERMAC v3.0 source code leak exposes Android banking trojan. Russian group EncryptHub exploits Windows CVE-2025-26633. #Taiwan #ERMAC #WindowsExploit https://t.co/wiVw5DeHb9
@TweetThreatNews
17 Aug 2025
422 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New Trustwave report exposes EncryptHub’s latest campaign: social engineering + Brave Support abuse + CVE-2025-26633 (MSC EvilTwin) exploitation. Attackers impersonate IT via Teams, drop dual .msc files, and hijack MMC execution paths. https://t.co/nV5W9f1KB8 🛡️ I’
@0x534c
16 Aug 2025
967 Impressions
2 Retweets
11 Likes
11 Bookmarks
0 Replies
0 Quotes
EncryptHub is exploiting the Microsoft flaw CVE-2025-26633 (“MSC EvilTwin”) using rogue MSC files and social engineering to deliver malware, warns Trustwave SpiderLabs, highlighting the need for layered defense strategies. #CyberSecurity https://t.co/s1raQNUmjT
@Cyber_O51NT
16 Aug 2025
3881 Impressions
25 Retweets
60 Likes
17 Bookmarks
1 Reply
0 Quotes
🚨ACTU CYBER🚨 @EncryptHub exploite la faille Windows CVE-2025-26633 avec des malwares furtifs et du social engineering Lien en bio pour lire la suite ! #cybersécurité https://t.co/fkUmC4ueWw
@cybercare_fr
16 Aug 2025
21 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 تقوم مجموعة إنكريبت هاب الروسية باستغلال ثغرة أمنية تم تصحيحها في نظام ويندوز لنشر برمجيات خبيثة. رصدت Trustwave SpiderLabs حملة لإنكريبت هاب تجمع بين الهندسة ا
@Cybercachear
16 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub continues to exploit CVE-2025-26633 in Microsoft MMC, highlighting advanced cyber threat tactics. Learn more: https://t.co/UC0bQxGcxs #CyberSecurity #InfoSec
@threatlight
16 Aug 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👨💻 Hackers are abusing a Windows flaw (CVE-2025-26633) to drop malware—masquerading as IT staff on Microsoft Teams and tricking users with rogue MSC files. The group? EncryptHub, a Russian crew blending social engineering with zero-days. Details → https://t.co/U9ob
@TheHackersNews
16 Aug 2025
79692 Impressions
100 Retweets
257 Likes
102 Bookmarks
9 Replies
5 Quotes
Trustwave SpiderLabs researchers report on an EncryptHub campaign using social engineering and Brave Support abuse to exploit the CVE-2025-26633 vulnerability for malicious payload delivery. #CyberSecurity #Malware https://t.co/1cDn7X1GC3
@Cyber_O51NT
14 Aug 2025
232 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp #CISO https://t.co/zf2nGqtEh2 https://t.co/nV1qoYZGD3
@compuchris
16 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp #CISO https://t.co/LRr7CbiYd2 https://t.co/jLDH9Gy0ev
@compuchris
8 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro's latest report uncovers the sophisticated "Water Gamayun" cyberespionage campaign, exploiting CVE-2025-26633. With state-sponsored actors using spear-phishing and the WaterBear backdoor, vigilance is crucial. https://t.co/TCSfsjhplM
@The4n6Analyst
22 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
22 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
21 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Water Gamayun’s campaign can lead to data breaches and financial loss. Discover how this Russian threat actor exploits a #zeroday #vulnerability in Microsoft Management Console (CVE-2025-26633) and what you can do to stay safe: ⬇️ https://t.co/Dmyt56AOM6
@TrendMicroRSRCH
21 Apr 2025
219 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
20 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
19 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
18 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
18 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
17 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
15 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Research uncovers Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 #zeroday #vulnerability to execute malicious code and exfiltrate data from compromised systems. https://t.co/hEIZZSGZ0Z
@TrendMicro
15 Apr 2025
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
14 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
13 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
12 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Russian APT just exploited CVE-2025-26633 using a signed Windows MSC attack. Wild stuff. I broke it down + shared why penetration testing is more important than ever in today’s threat landscape. Read the blog 👇 #CyberSecurity #CVE202526633 #infosec
@FennefLabs
12 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
12 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian hackers exploit CVE-2025-26633 (MSC EvilTwin) to deploy SilentPrism & DarkWisp malware, stealing data with persistent backdoors. Stay vigilant & patch now! #Cybersecurity #ThreatIntel 👇 https://t.co/UmxzxsL5t7
@_F2po_
12 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
11 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
We uncovered Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 0-day #vulnerability to execute malicious code and exfiltrate data from compromised systems. Here’s what you need to know: https://t.co/rtYGSBFNn3 https://t.c
@TrendMicro
11 Apr 2025
436 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. #malware Read More: https://t.co/KS8DG3BWEQ http
@pinakinit1
11 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
11 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Water Gamayun’s campaign can lead to data breaches and financial loss. Discover how this Russian threat actor exploits a #zeroday #vulnerability in Microsoft Management Console (CVE-2025-26633) and what you can do to stay safe: ⬇️ https://t.co/Dmyt56AOM6
@TrendMicroRSRCH
11 Apr 2025
353 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
Trend Research uncovers Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 #zeroday #vulnerability to execute malicious code and exfiltrate data from compromised systems. Learn more here: ⬇️ https://t.co/25Srz2IHDN https:/
@TrendMicroRSRCH
10 Apr 2025
431 Impressions
3 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
10 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp The threat actors behin 𝗗𝗼𝗻'𝘁 𝗺𝗶𝘀𝘀 𝗼𝘂𝘁 𝗼𝗻 𝗼𝘂𝗿 𝘁𝘄𝗲𝗲𝘁𝘀. 𝗙𝗼𝗹𝗹𝗼𝘄 𝘁𝗼𝗱𝗮𝘆! @thehackersnews @edgeitech @edgetechnologysolutions @technology https://t.co/XBtpeTlpLi
@Edgeitech
10 Apr 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "CE542697-31D8-4EC2-8135-F0468431FD19",
"versionEndExcluding": "10.0.26100.3403"
}
],
"operator": "OR"
}
]
}
]