CVE-2025-47178

HIGH

Microsoft Configuration Manager 2503 < 5.00.9135.1003 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-47178. PoCs published by synacktiv.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-47178, an authenticated SQL injection vulnerability in SCCM's SMS_DeploymentSummary.UpdateClassicDeployment WMI method. The PoC leverages NTLM authentication and crafts malicious SQL queries to exploit the vulnerability.

Description

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.

Exploits (1)

nomisec WORKING POC 6 stars
by synacktiv · poc
https://github.com/synacktiv/CVE-2025-47178

This repository contains a functional exploit for CVE-2025-47178, an authenticated SQL injection vulnerability in SCCM's SMS_DeploymentSummary.UpdateClassicDeployment WMI method. The PoC leverages NTLM authentication and crafts malicious SQL queries to exploit the vulnerability.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Microsoft System Center Configuration Manager (SCCM)
Auth required
Prerequisites: Valid credentials or NTLM hashes for SCCM · Network access to the SCCM AdminService WMI endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.0
EPSS 0.0204
EPSS Percentile 78.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
microsoft/configuration_manager_2503 < 5.00.9135.1003
Published Jul 08, 2025
Tracked Since Feb 18, 2026