CVE-2025-59501
published 2025-10-31CVE-2025-59501: Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
PriorityP434medium4.8CVSS 3.1
AVAACHPRLUINSUCHINAN
EPSS
3.06%
86.0th percentile
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | configuration_manager_2403 | < 5.00.9128.1037 | 5.00.9128.1037 |
| microsoft | configuration_manager_2409 | < 5.00.9132.1031 | 5.00.9132.1031 |
| microsoft | configuration_manager_2503 | < 5.0.9135.1013 | 5.0.9135.1013 |
| microsoft | microsoft_configuration_manager | >= 1.0.0 < 5.00.9128.1037 | 5.00.9128.1037 |
| microsoft | microsoft_configuration_manager_2409 | >= 1.0.0 < 5.00.9132.1031 | 5.00.9132.1031 |
| msrc | microsoft_configuration_manager_2403 | — | — |
| msrc | microsoft_configuration_manager_2409 | — | — |
| msrc | microsoft_configuration_manager_2503 | — | — |
CVSS provenance
nvdv3.14.8MEDIUMCVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc4.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9wxc-6566-9fgm: Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network
ghsa_unreviewed·2025-10-31
CVE-2025-59501 [MEDIUM] CWE-290 GHSA-9wxc-6566-9fgm: Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
Microsoft
Microsoft Configuration Manager Spoofing Vulnerability
vendor_msrc·2025-10-14·CVSS 4.8
CVE-2025-59501 [MEDIUM] CWE-290 Microsoft Configuration Manager Spoofing Vulnerability
Microsoft Configuration Manager Spoofing Vulnerability
Description: Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
For the vulnerability, this means the exploitation requires a specific and uncommon condition: an Active Directory user account must exist with a matching user principal name (UPN) that was not properly synchronized to Microsoft Entra ID.
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by modifying the user principal name (UPN) of a valid Microsoft Entra ID account or create a new Account to impersonate an Activ
Suricata
ET WEB_SPECIFIC_APPS Microsoft Configuration Manager Authentication Bypass via Spoofing (CVE-2025-59501)
suricata·2026-01-30·CVSS 4.8
CVE-2025-59501 [MEDIUM] ET WEB_SPECIFIC_APPS Microsoft Configuration Manager Authentication Bypass via Spoofing (CVE-2025-59501)
ET WEB_SPECIFIC_APPS Microsoft Configuration Manager Authentication Bypass via Spoofing (CVE-2025-59501)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Microsoft Configuration Manager Authentication Bypass via Spoofing (CVE-2025-59501)"; flow:established,to_server; http.uri; content:"/AdminService_TokenAuth/wmi/SMS_Admin/"; fast_pattern; http.request_body; content:"|22|AdminSid|22 3a|"; content:"|22|SMS00"; pcre:"/^(?:ALL|UNA)/R"; content:"|22|SMS0001R|22|"; http.method; content:"POST"; reference:url,specterops.io/blog/2025/11/19/sccm-hierarchy-takeover-via-entra-integrationbecause-of-the-implication/; reference:cve,2025-59501; classtype:web-application-attack; sid:2067199; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2026_01_30, cve CVE_202
No public exploits indexed.
No writeups or analysis indexed.
2025-10-31
Published