AI description
Automated description summarized from trusted sources.
CVE-2025-47179 is an improper access control vulnerability found in Microsoft Configuration Manager. This security flaw enables an authorized attacker to elevate their privileges locally on affected systems. Exploitation of this vulnerability requires local system access and high-level privileges, but no user interaction is necessary. The vulnerability impacts several versions of Microsoft Configuration Manager, specifically versions 2403, 2409, and 2503.
- Description
- Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- configuration_manager_2403, configuration_manager_2409, configuration_manager_2503
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-284
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2403:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3A7EF4-3494-4BE8-8ACA-C5DFF72CD6AC",
"versionEndExcluding": "5.00.9128.1037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2409:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED19B5-E9EB-4203-8EF2-1C221B22CF41",
"versionEndExcluding": "5.00.9132.1031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2503:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22B35A-E6F2-4FD5-AEA2-F31850DDA104",
"versionEndExcluding": "5.0.9135.1013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]