CVE-2025-27743Untrusted Search Path in Microsoft System Center Data Protection Manager 2019

CWE-426Untrusted Search Path4 documents4 sources
Severity
7.8HIGHNVD
EPSS
1.1%
top 21.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Microsoft System Center Data Protection Manager 2019Microsoft System Center Data Protection Manager 2022Microsoft System Center Data Protection Manager 2025+17 more
Timeline
PublishedApr 8

Description

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages20 packages

NVDmicrosoft/system_center_orchestrator2019, 2022, 2025+2

🔴Vulnerability Details

2
CVEList
Microsoft System Center Elevation of Privilege Vulnerability2025-04-08
GHSA
GHSA-6vg9-pg49-5fg4: Untrusted search path in System Center allows an authorized attacker to elevate privileges locally2025-04-08

📋Vendor Advisories

1
Microsoft
Microsoft System Center Elevation of Privilege Vulnerability2025-04-08
CVE-2025-27743 — Untrusted Search Path in Microsoft | cvebase