CVE-2025-26633 PoC — Microsoft Management Console 安全漏洞

Source

https://github.com/sandsoncosta/CVE-2025-26633

Associated Vulnerability

Title:Microsoft Management Console 安全漏洞 (CVE-2025-26633)
Description:Microsoft Management Console是美国微软（Microsoft）公司的一个通用的管理控制台框架，用于承载和管理各种系统管理工具（称为控制台插件或管理单元）。 Microsoft Management Console存在安全漏洞。攻击者利用该漏洞可以绕过某些功能。以下产品和版本受到影响：Windows Server 2016 (Server Core installation),Windows Server 2008 for 32-bit Systems Service Pack 2

Readme

# CVE-2025-26633 - MSC EvilTwin PoC

## **Proof of Concept (PoC) for CVE-2025-26633 vulnerability exploiting Microsoft Management Console (MMC)**

---

## About

This PoC simulates the CVE-2025-26633 vulnerability, discovered by Trend Micro, which exploits the loading of malicious `.msc` files for remote command execution via HTML with ActiveX in MMC context.

## Notice

> This PoC is for **educational purposes** and should be performed **only in controlled and authorized environments**.
> I am not responsible for any misuse of the information contained in this repository.


## Links

- Full Article: [CVE-2025-26633: Como simular e identificar o ataque MSC EvilTwin](https://sandsoncosta.github.io/blog/cve-2025-26633-como-simular-e-identificar-o-ataque-msc-eviltwin/#5-mitre-attck)

File Snapshot


 [4.0K]  /data/pocs/328d1750c0df65f2d28dd0a2b7eb051815b9675b
├── [ 790]  README.md
├── [4.0K]  stage1
│   └── [1.1K]  dropper.ps1
├── [4.0K]  stage2
│   └── [ 949]  index.html
└── [4.0K]  stage3
    └── [ 139]  shell.ps1

3 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!