CVE-2025-59213: Configuration Manager Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 8.8)

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Oct

Released

2025-10-14

Last Updated

2026-02-13

EPSS Score

0.14% (percentile: 33.1%)

Description

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability? An authorized attacker who successfully exploited this vulnerability could gain configuration manager administrator privileges. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by injecting malicious SQL into the DuplicateAMTMachineRecord method.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (3)

System Center

• Microsoft Configuration Manager 2409
• Microsoft Configuration Manager 2503
• Microsoft Configuration Manager 2403

Security Updates (3)

• Release Notes
• Release Notes
• Release Notes

Acknowledgments

<a href="https://x.com/kalimer0x00">Mehdi Elyassa</a> with <a href="https://www.synacktiv.com/">Synacktiv</a>

Revision History

• 2025-10-14: Information published.
• 2026-02-13: Updated information to include CVSS scores. This is an informational change only.