Authentication Bypass Vulnerability in Microsoft Configuration Manager
CVE-2025-59501

4.8MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Configuration Manager; Microsoft Configuration Manager 2409
Vendor: CVE Published:; 31 October 2025

What is CVE-2025-59501?

An authentication bypass vulnerability exists in Microsoft Configuration Manager, which may allow an authorized attacker to exploit the system through spoofing techniques over an adjacent network. This could potentially enable the attacker to impersonate legitimate users and manipulate system operations without proper authorization, posing significant risks to both data integrity and network security.

Affected Version(s)

Microsoft Configuration Manager 2409 Unknown 1.0.0 < 5.00.9132.1031

Microsoft Configuration Manager Unknown 1.0.0 < 5.00.9128.1037

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Sep 17, 2025

JSON