CVE-2025-59501
Published Oct 31, 2025
Last updated 3 months ago
AI description
CVE-2025-59501 is an authentication bypass vulnerability affecting Microsoft Configuration Manager. It allows an authorized attacker to perform spoofing over an adjacent network. The vulnerability can be exploited by modifying the User Principal Name (UPN) of a valid Microsoft Entra ID account or by creating a new account to impersonate an Active Directory user with the same UPN that was not synchronized to Entra ID. Successful exploitation could allow an attacker to gain unauthorized administrative control over Microsoft Configuration Manager and its managed clients.
- Description
- Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- configuration_manager_2403, configuration_manager_2409, configuration_manager_2503
CVSS 3.1
- Type
- Primary
- Base score
- 4.8
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-290
- Hype score
- Not currently trending
CVE-2025-59501 - POC that abuses SCCM's AdminService API when Entra ID integration is enabled to elevate to Full Administrator and takeover an SCCM hierarchy. - @unsigned_sh0rt https://t.co/5hqHCbDVLi
@pentest_swissky
12 Dec 2025
5595 Impressions
21 Retweets
78 Likes
48 Bookmarks
1 Reply
0 Quotes
GitHub - garrettfoster13/CVE-2025-59501: CVE-2025-59501 POC code - https://t.co/BBd0DTNAZ6
@piedpiper1616
24 Nov 2025
4223 Impressions
4 Retweets
30 Likes
19 Bookmarks
0 Replies
0 Quotes
2025-11-21 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― GitHub - garrettfoster13/CVE-2025-59501: CVE-2025-59501 POC code https://t.co/N6cF5atF3X https://t.co/rMf9pcfHKl
@motikan2010
22 Nov 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SCCM’s AdminService uses Entra tokens without confirming the UPN exists in AD. A crafted synced UPN can let an attacker impersonate the site server. Microsoft now requires on-prem SID matching (CVE-2025-59501). Great deep dive by @unsigned_sh0rt! https://t.co/FGAHfaXHsY http
@SpecterOps
19 Nov 2025
6589 Impressions
43 Retweets
128 Likes
56 Bookmarks
0 Replies
0 Quotes
CVE-2025-59501 Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. https://t.co/zvPAlNTl19
@CVEnew
31 Oct 2025
166 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#securityupdate #microsoft #定例外 2025.10.24 Microsoft Configuration Manager Elevation of Privilege Vulnerability CVE-2025-59501 Security Vulnerability リリース日: 2025年10月24日 - マイクロソフト https://t.co/2E2h5w7dRH
@kawn2020
27 Oct 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2403:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD3A7EF4-3494-4BE8-8ACA-C5DFF72CD6AC",
"versionEndExcluding": "5.00.9128.1037"
},
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2409:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85ED19B5-E9EB-4203-8EF2-1C221B22CF41",
"versionEndExcluding": "5.00.9132.1031"
},
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2503:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C22B35A-E6F2-4FD5-AEA2-F31850DDA104",
"versionEndExcluding": "5.0.9135.1013"
}
],
"operator": "OR"
}
]
}
]