CVE-2025-59213

HIGH

Microsoft Configuration Manager SQL Injection (2403<5.00.9128.1035, 2409<5.00.9132.1029, 2503<5.00.9135.1008)

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-59213. PoCs published by synacktiv.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2025-59213, targeting Microsoft System Center Configuration Manager (SCCM). The exploit leverages cryptographic operations and crafted SCCM messages to achieve authentication bypass or remote code execution.

Description

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.

Exploits (1)

nomisec WORKING POC
by synacktiv · poc
https://github.com/synacktiv/CVE-2025-59213

This repository contains a functional exploit PoC for CVE-2025-59213, targeting Microsoft System Center Configuration Manager (SCCM). The exploit leverages cryptographic operations and crafted SCCM messages to achieve authentication bypass or remote code execution.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Complex
Reliability
Reliable
Target: Microsoft System Center Configuration Manager (SCCM)
No auth needed
Prerequisites: Network access to SCCM server · Python environment with cryptography and requests libraries
devstral-2 · analyzed Apr 14, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0034
EPSS Percentile 25.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (3)
microsoft/configuration_manager_2403 < 5.00.9128.1035
microsoft/configuration_manager_2409 < 5.00.9132.1029
microsoft/configuration_manager_2503 < 5.00.9135.1008
Published Oct 14, 2025
Tracked Since Feb 18, 2026