SQL Injection Vulnerability in Microsoft Configuration Manager
CVE-2025-47178
Key Information:
- Vendor: Microsoft
- CVE Published: 8 July 2025
What is CVE-2025-47178?
CVE-2025-47178 is a significant security vulnerability found in Microsoft Configuration Manager, a widely used tool for managing large groups of computers within an organization. The purpose of this software is to automate the deployment of applications, manage system updates, and conduct system monitoring, ensuring that all devices operate effectively and securely. The vulnerability in question arises from improper handling of SQL commands, allowing an authorized attacker to perform SQL injection attacks. Such an attack could enable the adversary to execute unauthorized code over an adjacent network, posing a severe threat to organizational infrastructure and data integrity.
Potential impact of CVE-2025-47178
- Unauthorized Code Execution: Exploitation of this vulnerability could allow attackers to execute arbitrary commands and scripts on affected systems, granting them unauthorized access and control. This access could lead to further exploitation, data exfiltration, or system compromise.
- Data Breach Risks: With the capability to execute code remotely, attackers could potentially gain access to sensitive or confidential information stored within the organization's systems. Such breaches could have severe repercussions, including financial loss and reputational damage.
- Network Compromise: The vulnerability allows the execution of code over an adjacent network, which means that a successful exploit can lead to lateral movement within the organization's network. This could facilitate the attacker's ability to infiltrate additional systems, escalating the overall risk to the organization's cybersecurity posture.
Affected Version(s)
Microsoft Configuration Manager Unknown 1.0.0 < 5.00.9135.1003