CVE-2025-47178

HIGH

Microsoft Configuration Manager 2503 < 5.00.9135.1003 - SQL Injection

Title source: rule

Description

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.

Exploits (1)

nomisec WORKING POC 6 stars

by synacktiv · poc

https://github.com/synacktiv/CVE-2025-47178

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47178

Scores

CVSS v3 8.0

EPSS 0.0063

EPSS Percentile 70.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

microsoft/configuration_manager_2503 < 5.00.9135.1003

Published Jul 08, 2025

Tracked Since Feb 18, 2026