CVE-2025-47178
Published Jul 8, 2025
Last updated 2 months ago
AI description
CVE-2025-47178 is an SQL injection vulnerability affecting Microsoft Configuration Manager. Disclosed on July 8, 2025, it stems from improper neutralization of special elements within SQL commands. The vulnerability allows an authorized attacker with adjacent network access to execute code by injecting malicious SQL commands. Successful exploitation could lead to arbitrary SQL execution with elevated privileges, potentially enabling attackers to execute OS-level commands. Microsoft released security updates in July 2025 to address this vulnerability.
- Description
- Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- configuration_manager_2503
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-89
- Hype score
- Not currently trending
New Update | #Microsoft has released hotfix KB34503790, a revised security update for #ConfigMgr versions 2403, 2409, 2503 that resolves the vulnerability described in CVE-2025-47178 - https://t.co/7q5l0cn0qh
@PrajwalDesai
9 Sept 2025
151 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Time to update your Configuration Manager. (KB34503790) A revised update is available to resolve the vulnerability described in CVE-2025-47178. The revision also improves the security of discovery data records (DDR) processing. #ConfigMgr
@MMelkersen
8 Sept 2025
4797 Impressions
17 Retweets
32 Likes
10 Bookmarks
0 Replies
3 Quotes
🚨New Hotfix Update🚨 | Microsoft has released the KB33926600 security update💻 for #ConfigMgr versions 2403 and 2409 on July 30, 2025, addressing the vulnerability🪲outlined in CVE-2025-47178 - https://t.co/BMwGG0VEJC
@PrajwalDesai
31 Jul 2025
229 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
⚡UPDATES! July 9 #ViaMonstraOfficeHours featuring @jarwidmark 💻 SQL Injection vulnerability: CVE-2025-47178, #Intune multi-tenant strategy, and more! #ViaMonstraAcademy Full Office Hours 7.9.25 ➡️ https://t.co/dZRDa3O8Y9 https://t.co/DdL1zVrMMZ
@viamonstra
11 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47178 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code … https://t.co/z5GknAIcrY
@CVEnew
9 Jul 2025
582 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2503:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "325E8047-7EA2-47EA-87C3-3A5A6A081AA9",
"versionEndExcluding": "5.00.9135.1003"
}
],
"operator": "OR"
}
]
}
]