CVE-2025-59501
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-05
Assigner: Microsoft Corporation
Description
Description
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | configuration_manager_2403 | to 5.00.9128.1037 (exc) |
| microsoft | configuration_manager_2409 | to 5.00.9132.1031 (exc) |
| microsoft | configuration_manager_2503 | to 5.0.9135.1013 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass caused by spoofing in Microsoft Configuration Manager. It allows an authorized attacker to perform spoofing attacks over an adjacent network, effectively bypassing authentication mechanisms. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker on an adjacent network to spoof identities and bypass authentication controls. This could lead to unauthorized access to systems or data within the Microsoft Configuration Manager environment. [1]
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70