Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
Analysis
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
Technical ContextAI
SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.
RemediationAI
Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.
More in Configuration Manager 2503
View allMicrosoft Configuration Manager Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerabil
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20619