CVE-2025-59501
MEDIUMMicrosoft Configuration Manager 2403 < 5.00.9128.1037 - Authentication Bypass by Spoofing
Title source: ruleDescription
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
Exploits (2)
nomisec
WORKING POC
25 stars
by garrettfoster13 · poc
https://github.com/garrettfoster13/CVE-2025-59501
github
WORKING POC
2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-59501
Scores
CVSS v3
4.8
EPSS
0.0018
EPSS Percentile
39.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-290
Status
published
Products (3)
microsoft/configuration_manager_2403
< 5.00.9128.1037
microsoft/configuration_manager_2409
< 5.00.9132.1031
microsoft/configuration_manager_2503
< 5.0.9135.1013
Published
Oct 31, 2025
Tracked Since
Feb 18, 2026