CVE-2025-59213

Published Oct 14, 2025

Last updated a month ago

CVSS high 8.8

Overview

Description
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.
Source
secure@microsoft.com
NVD status
Modified
Products
configuration_manager_2403, configuration_manager_2409, configuration_manager_2503

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-89

Social media

Hype score
Not currently trending

  1. **CVE-2025-59213** pertains to an **SQL Injection vulnerability** within **Microsoft Configuration Manager** (also known as SCCM). The vulnerability arises from improper neutralization of special elements in SQL commands, which allows an attacker to inject malicious SQL code.

    @CveTodo

    14 Oct 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.CVE-2025-47179
  2. Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.CVE-2025-59501
  3. Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.CVE-2025-55320
  4. Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.CVE-2025-47178
  5. Microsoft Configuration Manager SQL Injection VulnerabilityCVE-2024-43468

References

Sources include official advisories and independent security research.