CVE-2025-27743
Published: 2025-04-08
CVE-2025-27743: Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.
Priority P341 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.75% (50.3th percentile)
Affected
45 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | system_center_data_protection_manager | — | — |
| microsoft | system_center_data_protection_manager | — | — |
| microsoft | system_center_data_protection_manager | — | — |
| microsoft | system_center_data_protection_manager_2019 | — | — |
| microsoft | system_center_data_protection_manager_2022 | — | — |
| microsoft | system_center_data_protection_manager_2025 | — | — |
| microsoft | system_center_operations_manager | — | — |
| microsoft | system_center_operations_manager | — | — |
| microsoft | system_center_operations_manager | — | — |
| microsoft | system_center_operations_manager_2019 | — | — |
| microsoft | system_center_operations_manager_2022 | — | — |
| microsoft | system_center_operations_manager_2025 | — | — |
| microsoft | system_center_orchestrator | — | — |
| microsoft | system_center_orchestrator | — | — |
| microsoft | system_center_orchestrator | — | — |
| microsoft | system_center_orchestrator_2019 | — | — |
| microsoft | system_center_orchestrator_2022 | — | — |
| microsoft | system_center_orchestrator_2025 | — | — |
| microsoft | system_center_service_manager | — | — |
| microsoft | system_center_service_manager | — | — |
| microsoft | system_center_service_manager | — | — |
| microsoft | system_center_service_manager_2019 | — | — |
| microsoft | system_center_service_manager_2022 | — | — |
| microsoft | system_center_service_manager_2025 | — | — |
| microsoft | system_center_virtual_machine_manager | — | — |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 7.8 · HIGH
Microsoft
Microsoft System Center Elevation of Privilege Vulnerability
vendor_msrc · 2025-04-08 · CVSS 7.8
CVE-2025-27743 [HIGH] CWE-426 Microsoft System Center Elevation of Privilege Vulnerability
Description: Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.
FAQ: What Microsoft System Center Products are affected by this vulnerability?
This vulnerability affects the following products under the Microsoft System Center:
- System Center Operations Manager
- System Center Service Manager
- System Center Orchestrator
- System Center Data Protection Manager
- System Center Virtual Machine Manager
For more information about these products see System Center documentation.
FAQ: Will the product version change with the new installation media?
No. The RTM version of all System Center products remains unchanged. There's no change in the product version.
What existing System Center deployme
GHSA
GHSA-6vg9-pg49-5fg4: Untrusted search path in System Center allows an authorized attacker to elevate privileges locally
ghsa_unreviewed · 2025-04-08
CVE-2025-27743 [HIGH] CWE-426 GHSA-6vg9-pg49-5fg4: Untrusted search path in System Center allows an authorized attacker to elevate privileges locally
No detection rules found.
No public exploits indexed.
Published: 2025-04-08