VYPR
Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Apr 22, 2026

Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability

CVE-2026-25166

Description

Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally.

Affected products

5
  • Microsoft/Windows ADK for Windows 10, version 2004v5
    Range: -
  • Microsoft/Windows ADK for Windows 11, version 22H2v5
    Range: -
  • Microsoft/Windows ADK for Windows 11, version 23H2v5
    Range: -
  • Microsoft/Windows ADK for Windows 11, version 24H2v5
    Range: -
  • Range: -

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2026-25166 · VYPR