SQL Injection Vulnerability in Microsoft Configuration Manager
CVE-2025-47178

8HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
8 July 2025

Badges

đź“° News Worthy

What is CVE-2025-47178?

An SQL injection vulnerability in Microsoft Configuration Manager permits authenticated attackers to execute arbitrary code across neighboring networks. This risk arises from inadequate handling of special elements in SQL commands, providing potential opportunities for exploitation in networked environments.

Affected Version(s)

Microsoft Configuration Manager Unknown 1.0.0 < 5.00.9135.1003

News Articles

Microsoft Patch Tuesday, July 2025 Edition

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire…

3 days ago

References

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by Krebs on Security

  • Vulnerability published

  • Vulnerability Reserved

.