Cyber Posture

CVE-2025-59213

High

Published: 14 October 2025

Modified: 13 February 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (27.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may leverage databases to mine valuable information.

Security Summary

CVE-2025-59213 is an SQL injection vulnerability (CWE-89) in Microsoft Configuration Manager, stemming from improper neutralization of special elements used in an SQL command. Published on 2025-10-14, it carries a CVSS v3.1 base score of 8.8 (High), with vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability.

An unauthorized attacker on an adjacent network can exploit this vulnerability with low complexity and no required privileges or user interaction. Successful exploitation enables privilege escalation, potentially allowing the attacker to gain elevated access within the affected Configuration Manager environment.

The Microsoft Security Response Center (MSRC) advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59213 provides details on mitigation and available patches. Security practitioners should consult this resource for specific remediation steps, such as applying updates to vulnerable installations.

Details

CWE(s)
CWE-89

Affected Products

microsoft configuration manager 2403: ≤ 5.00.9128.1035
microsoft configuration manager 2409: ≤ 5.00.9132.1029
microsoft configuration manager 2503: ≤ 5.00.9135.1008

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1210 Exploitation of Remote Services (tactic: Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1213.006 Databases (tactic: Collection)
Adversaries may leverage databases to mine valuable information.

Why these techniques?

SQL injection in Microsoft Configuration Manager enables arbitrary database queries for data collection (T1213.006), exploitation of a remote management service (T1210), and privilege escalation via the vulnerability (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
