CVE-2025-47179: Configuration Manager Elevation of Privilege Vulnerability

Overview

Severity

Medium (CVSS 6.7)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Nov

Released

2025-11-11

EPSS Score

0.05% (percentile: 17.1%)

Description

Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.

FAQ

How could an attacker exploit this vulnerability? An attacker with access to any user account assigned the built-in CMPivot Administrator security role could exploit this vulnerability by escalating privileges. Specifically, they could assign themselves—or another account—the Full Administrator role (or any other elevated role), or modify existing role permissions. This would allow them to bypass intended security boundaries and gain unrestricted access across the hierarchy. What privileges could be gained by an attacker who successfully exploited the vulnerability? An authorized attacker who successfully exploited this vulnerability could gain configuration manager administrator privileges.

Affected Products (3)

System Center

• Microsoft Configuration Manager 2403
• Microsoft Configuration Manager 2503
• Microsoft Configuration Manager 2409

Security Updates (2)

• Release Notes
• Release Notes

Acknowledgments

<a href="https://x.com/_mayyhem">Chris Thompson</a> with <a href="https://specterops.io/">SpecterOps</a>

Revision History

• 2025-11-11: Information published.