Exploit for Improper Neutralization in Microsoft CVE-2025-26633

Name: Exploit for Improper Neutralization in Microsoft CVE-2025-26633
Rating: 5 (315 reviews)

2025-04-08 | CVSS 7.0

## https://sploitus.com/exploit?id=ED357CFC-82FE-5DE7-B931-B629F4C2165C
# CVE-2025-26633 - MSC EvilTwin PoC

## **Proof of Concept (PoC) for CVE-2025-26633 vulnerability exploiting Microsoft Management Console (MMC)**

---

## About

This PoC simulates the CVE-2025-26633 vulnerability, discovered by Trend Micro, which exploits the loading of malicious `.msc` files for remote command execution via HTML with ActiveX in MMC context.

## Notice

> This PoC is for **educational purposes** and should be performed **only in controlled and authorized environments**.
> I am not responsible for any misuse of the information contained in this repository.


## Links

- Full Article: [CVE-2025-26633: Como simular e identificar o ataque MSC EvilTwin](https://sandsoncosta.github.io/blog/cve-2025-26633-como-simular-e-identificar-o-ataque-msc-eviltwin/#5-mitre-attck)