CVE-2025-59213

HIGH

Microsoft Configuration Manager 2403 < 5.00.9128.1035 - SQL Injection

Title source: rule

Description

Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.

Exploits (1)

nomisec WORKING POC
by synacktiv · poc
https://github.com/synacktiv/CVE-2025-59213

Scores

CVSS v3 8.8
EPSS 0.0010
EPSS Percentile 28.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (3)
microsoft/configuration_manager_2403 < 5.00.9128.1035
microsoft/configuration_manager_2409 < 5.00.9132.1029
microsoft/configuration_manager_2503 < 5.00.9135.1008
Published Oct 14, 2025
Tracked Since Feb 18, 2026