CVE-2025-27743

Summary

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftSystem Center Data Protection Manager 2019-affected
MicrosoftSystem Center Data Protection Manager 2022-affected
MicrosoftSystem Center Data Protection Manager 2025-affected
MicrosoftSystem Center Operations Manager 2019-affected
MicrosoftSystem Center Operations Manager 2022-affected
MicrosoftSystem Center Operations Manager 2025-affected
MicrosoftSystem Center Orchestrator 2019-affected
MicrosoftSystem Center Orchestrator 2022-affected
MicrosoftSystem Center Orchestrator 2025-affected
MicrosoftSystem Center Service Manager 2019-affected
MicrosoftSystem Center Service Manager 2022-affected
MicrosoftSystem Center Service Manager 2025-affected
MicrosoftSystem Center Virtual Machine Manager 2019-affected
MicrosoftSystem Center Virtual Machine Manager 2022-affected
MicrosoftSystem Center Virtual Machine Manager 2025-affected

Weaknesses

  • CWE-426: CWE-426: Untrusted Search Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References