Microsoft Configuration Manager 2403 — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Configuration Manager 2403, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2025-59213 — CVSS 8.8 (high): Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an…
CVE-2025-55320 — CVSS 6.8 (medium): Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an…
CVE-2025-47179 — CVSS 6.7 (medium): Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-59501 — CVSS 4.8 (medium): Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent…