CVE-2025-59213

Summary

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Configuration Manager1.0.0 < 5.00.9135.1008affected
MicrosoftMicrosoft Configuration Manager 24091.0.0 < 5.00.9132.1029affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References