SQL Injection Vulnerability in Microsoft Configuration Manager
CVE-2025-47178

8HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
8 July 2025

Badges

šŸ“ˆ Score: 118šŸ“° News Worthy

What is CVE-2025-47178?

CVE-2025-47178 is a significant security vulnerability found in Microsoft Configuration Manager, a widely used tool for managing large groups of computers within an organization. The purpose of this software is to automate the deployment of applications, manage system updates, and conduct system monitoring, ensuring that all devices operate effectively and securely. The vulnerability in question arises from improper handling of SQL commands, allowing an authorized attacker to perform SQL injection attacks. Such an attack could enable the adversary to execute unauthorized code over an adjacent network, posing a severe threat to organizational infrastructure and data integrity.

Potential impact of CVE-2025-47178

  1. Unauthorized Code Execution: Exploitation of this vulnerability could allow attackers to execute arbitrary commands and scripts on affected systems, granting them unauthorized access and control. This access could lead to further exploitation, data exfiltration, or system compromise.

  2. Data Breach Risks: With the capability to execute code remotely, attackers could potentially gain access to sensitive or confidential information stored within the organization's systems. Such breaches could have severe repercussions, including financial loss and reputational damage.

  3. Network Compromise: The vulnerability allows the execution of code over an adjacent network, which means that a successful exploit can lead to lateral movement within the organization's network. This could facilitate the attacker’s ability to infiltrate additional systems, escalating the overall risk to the organization's cybersecurity posture.

Affected Version(s)

Microsoft Configuration Manager Unknown 1.0.0 < 5.00.9135.1003

News Articles

Microsoft Patch Tuesday, July 2025 Edition

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire…

References

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • šŸ“°

    First article discovered by Krebs on Security

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-47178 : SQL Injection Vulnerability in Microsoft Configuration Manager