HIGH | CVE-2026-25166 | CNA: microsoft
CVE-2026-25166: Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability
Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: —
- Affected Products: 5
Affected packages
- Microsoft / Windows ADK for Windows 10, version 2004
- Microsoft / Windows ADK for Windows 11, version 22H2
- Microsoft / Windows ADK for Windows 11, version 23H2
- Microsoft / Windows ADK for Windows 11, version 24H2
- Microsoft / Windows ADK for Windows Server 2022
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C