CVE-2025-47179— Configuration Manager Elevation of Privilege Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-47179
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Configuration Manager Elevation of Privilege Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Configuration Manager 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Configuration Manager是美国微软(Microsoft)公司的一套用于管理企业内部电脑和服务器的解决方案,它可以帮助IT部门保持软件更新、设置配置和安全策略,并监控系统状态。 Microsoft Configuration Manager存在访问控制错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Microsoft Configuration Manager 2403,Microsoft Configuration Manager 2503,Micro
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | Microsoft Configuration Manager | 1.0.0 ~ 5.00.9128.1037 | - | |
| Microsoft | Microsoft Configuration Manager 2409 | 1.0.0 ~ 5.00.9132.1031 | - |
II. Public POCs for CVE-2025-47179
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-47179
请登录查看更多情报信息。
Same Patch Batch · Microsoft · 2025-11-11 · 63 CVEs total
| CVE-2025-60724 | 9.8 CRITICAL | GDI+ Remote Code Execution Vulnerability |
| CVE-2025-62220 | 8.8 HIGH | Windows Subsystem for Linux GUI Remote Code Execution Vulnerability |
| CVE-2025-59499 | 8.8 HIGH | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2025-62222 | 8.8 HIGH | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2025-62210 | 8.7 HIGH | Dynamics 365 Field Service (online) Spoofing Vulnerability |
| CVE-2025-62211 | 8.7 HIGH | Dynamics 365 Field Service (online) Spoofing Vulnerability |
| CVE-2025-30398 | 8.1 HIGH | Nuance PowerScribe 360 Information Disclosure Vulnerability |
| CVE-2025-62452 | 8.0 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-62204 | 8.0 HIGH | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-60715 | 8.0 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-62199 | 7.8 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-60713 | 7.8 HIGH | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability |
| CVE-2025-62216 | 7.8 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-60721 | 7.8 HIGH | Windows Administrator Protection Elevation of Privilege Vulnerability |
| CVE-2025-59514 | 7.8 HIGH | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability |
| CVE-2025-60714 | 7.8 HIGH | Windows OLE Remote Code Execution Vulnerability |
| CVE-2025-60727 | 7.8 HIGH | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-60718 | 7.8 HIGH | Windows Administrator Protection Elevation of Privilege Vulnerability |
| CVE-2025-59512 | 7.8 HIGH | Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability |
| CVE-2025-60710 | 7.8 HIGH | Host Process for Windows Tasks Elevation of Privilege Vulnerability |
Showing top 20 of 63 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Microsoft Configuration Manager
- CVE-2025-59501
Microsoft Configuration Manager Spoofing Vulnerability - CVE-2025-59213
Configuration Manager Elevation of Privilege Vulnerability - CVE-2025-55320
Configuration Manager Elevation of Privilege Vulnerability - CVE-2025-47178
Microsoft Configuration Manager Remote Code Execution Vulner - CVE-2024-43468
Microsoft Configuration Manager Remote Code Execution Vulner
Same vendor: Microsoft
- CVE-2026-42822
Azure Local Disconnected Operations (ALDO) Elevation of Priv - CVE-2026-45495
Microsoft Edge (Chromium-based) Remote Code Execution Vulner - CVE-2026-45494
Microsoft Edge (Chromium-based) Spoofing Vulnerability - CVE-2026-45492
Microsoft Edge (Chromium-based) Security Feature Bypass Vuln - CVE-2026-46383
Microsoft APM: Windows absolute-path tar member overwrite du
Same weakness: CWE-284
- CVE-2026-32994
RocketChat多版本越权访问消息漏洞 - CVE-2026-8752
h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java - CVE-2026-45301
Open WebUI: Missing permission check in files API allows aut - CVE-2026-44556
Open WebUI: responses passthrough endpoint lacks access cont - CVE-2026-44774
Traefik: Gateway API TraefikService backend accepts rest@int
V. Comments for CVE-2025-47179
No comments yet