Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-59213

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.

Published

2025-10-14T17:16:01.807

Last Modified

2025-10-17T15:36:50.607

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	configuration_manager_2403	< 5.00.9128.1035	Yes
Application	microsoft	configuration_manager_2409	< 5.00.9132.1029	Yes
Application	microsoft	configuration_manager_2503	< 5.00.9135.1008	Yes

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59213 Vendor Advisory ([email protected])