Microsoft Configuration Manager vulnerabilities
6 known vulnerabilities affecting microsoft/microsoft_configuration_manager.
Total CVEs
6
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-43468P1CRITICALCVSS 9.8KEVPoC≥ 1.0.0, < 5.00.91062024-10-08
CVE-2024-43468 [CRITICAL] CWE-89 CVE-2024-43468: Microsoft Configuration Manager Remote Code Execution Vulnerability
Microsoft Configuration Manager Remote Code Execution Vulnerability
nvd
CVE-2025-59213P3HIGHCVSS 8.8≥ 1.0.0, < 5.00.9135.10082025-10-14
CVE-2025-59213 [HIGH] CWE-89 CVE-2025-59213: Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Co
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.
nvd
CVE-2025-47178P3HIGHCVSS 8.0≥ 1.0.0, < 5.00.9135.10032025-07-08
CVE-2025-47178 [HIGH] CWE-89 CVE-2025-47178: Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Co
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
nvd
CVE-2025-55320P3MEDIUMCVSS 6.8≥ 1.0.0, < 5.00.9135.10082025-10-14
CVE-2025-55320 [MEDIUM] CWE-89 CVE-2025-55320: Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Co
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.
nvd
CVE-2025-47179P3MEDIUMCVSS 6.7≥ 1.0.0, < 5.00.9128.10372025-11-11
CVE-2025-47179 [MEDIUM] CWE-284 CVE-2025-47179: Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59501P4MEDIUMCVSS 4.8≥ 1.0.0, < 5.00.9128.10372025-10-31
CVE-2025-59501 [MEDIUM] CWE-290 CVE-2025-59501: Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker t
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
nvd