CVE-2025-55320

MEDIUM

Microsoft Configuration Manager - SQL Injection

Title source: llm

Description

Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.

Exploits (1)

nomisec WORKING POC
by synacktiv · poc
https://github.com/synacktiv/CVE-2025-55320

Scores

CVSS v3 6.8
EPSS 0.0013
EPSS Percentile 31.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (3)
microsoft/configuration_manager_2403 < 5.00.9128.1035
microsoft/configuration_manager_2409 < 5.00.9132.1029
microsoft/configuration_manager_2503 < 5.00.9135.1008
Published Oct 14, 2025
Tracked Since Feb 18, 2026