CVE-2025-26633 PoC — Microsoft Management Console Security Feature Bypass Vulnerability

Source

https://github.com/sandsoncosta/CVE-2025-26633

Associated Vulnerability

Title:Microsoft Management Console Security Feature Bypass Vulnerability (CVE-2025-26633)
Description:Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Readme

# CVE-2025-26633 - MSC EvilTwin PoC

## **Proof of Concept (PoC) for CVE-2025-26633 vulnerability exploiting Microsoft Management Console (MMC)**

---

## About

This PoC simulates the CVE-2025-26633 vulnerability, discovered by Trend Micro, which exploits the loading of malicious `.msc` files for remote command execution via HTML with ActiveX in MMC context.

## Notice

> This PoC is for **educational purposes** and should be performed **only in controlled and authorized environments**.
> I am not responsible for any misuse of the information contained in this repository.


## Links

- Full Article: [CVE-2025-26633: Como simular e identificar o ataque MSC EvilTwin](https://sandsoncosta.github.io/blog/cve-2025-26633-como-simular-e-identificar-o-ataque-msc-eviltwin/#5-mitre-attck)

File Snapshot


 [4.0K]  /data/pocs/328d1750c0df65f2d28dd0a2b7eb051815b9675b
├── [ 790]  README.md
├── [4.0K]  stage1
│   └── [1.1K]  dropper.ps1
├── [4.0K]  stage2
│   └── [ 949]  index.html
└── [4.0K]  stage3
    └── [ 139]  shell.ps1

3 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!