SQL Injection Vulnerability in Microsoft Configuration Manager
CVE-2025-55320

6.8MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Configuration Manager; Microsoft Configuration Manager 2409
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-55320?

An SQL injection vulnerability exists in Microsoft Configuration Manager due to improper handling of special elements in SQL commands. This flaw could allow an authorized attacker to execute arbitrary SQL commands, potentially leading to local privilege escalation and unauthorized access to sensitive information. It is crucial for organizations using this software to apply the latest security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft Configuration Manager 2409 Unknown 1.0.0 < 5.00.9132.1029

Microsoft Configuration Manager Unknown 1.0.0 < 5.00.9135.1008

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Aug 12, 2025

JSON