Cyber Posture

CVE-2025-59213

Severity: High
Published: 14 October 2025
Modified: 13 February 2026
KEV Added: not listed (as of the Modified date above)
Patch: see the MSRC advisory linked under Deeper analysis
CVSS Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.1st percentile)
Risk Priority: 18 (site weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-59213 is a high-severity SQL Injection (CWE-89) vulnerability in Microsoft Configuration Manager, affecting the 2403, 2409 and 2503 branches (see Affected Products for the vulnerable build ranges). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 33.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and two other techniques (listed below). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 (prevent): SI-10, Information Input Validation, addresses the root cause of CVE-2025-59213: any input that reaches an SQL command must be validated, and for CWE-89 the durable form of that control is parameterized queries rather than SQL text built from strings. This control applies to Microsoft as the developer of Configuration Manager; customers cannot retrofit it into the product and therefore rely on SI-2.

SI-2 (prevent): SI-2, Flaw Remediation, mandates timely remediation of known flaws, which here means applying the Configuration Manager update that MSRC publishes for CVE-2025-59213 to every affected site (the vulnerable build ranges are listed under Affected Products).

SC-7 (prevent): SC-7, Boundary Protection, restricts which network segments can reach Configuration Manager site systems. Because the vector is AV:A, an attacker must already sit on a network adjacent to the vulnerable component; segmenting site servers and the site database away from general user and client networks shrinks the set of hosts from which the flaw can be reached. This is a compensating control that reduces exposure, not a fix.
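The SI-10 point above, shown in code. This is an added illustration and not Configuration Manager's code or schema: the users table, the role strings and the function names are constructed for the example. It contrasts the CWE-89 pattern (untrusted input concatenated into SQL text) with a parameterized query, and adds an allowlist check of the kind SI-10 calls for as defense in depth.

```python
import re
import sqlite3

# Constructed demo schema standing in for any management-system lookup.
# Nothing here is Configuration Manager's real schema; names are assumptions.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Read-only Analyst"), ("bob", "Full Administrator")],
    )
    return conn


def roles_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    # CWE-89: the caller-supplied value becomes part of the SQL text, so a
    # quote in the input changes the query's logic instead of its data.
    sql = f"SELECT role FROM users WHERE name = '{name}' ORDER BY rowid"
    return [row[0] for row in conn.execute(sql)]


def roles_parameterized(conn: sqlite3.Connection, name: str) -> list[str]:
    # The fix: the value travels as a bound parameter and is never parsed
    # as SQL, whatever characters it contains.
    sql = "SELECT role FROM users WHERE name = ? ORDER BY rowid"
    return [row[0] for row in conn.execute(sql, (name,))]


# Allowlist validation (SI-10 style): accept only the characters a user
# name legitimately contains. Defense in depth; parameterization is the fix.
NAME_PATTERN = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def is_valid_name(name: str) -> bool:
    return NAME_PATTERN.fullmatch(name) is not None


# Classic tautology payload: closes the string, then ORs in a true predicate.
PAYLOAD = "alice' OR '1'='1"


def demo() -> dict[str, list[str]]:
    conn = make_db()
    return {
        # The vulnerable query returns every role, including the admin one.
        "vulnerable": roles_vulnerable(conn, PAYLOAD),
        # The parameterized query looks for a user literally named PAYLOAD.
        "parameterized": roles_parameterized(conn, PAYLOAD),
        # Normal use of the safe query still works.
        "benign": roles_parameterized(conn, "bob"),
    }


if __name__ == "__main__":
    for label, roles in demo().items():
        print(f"{label:14s} -> {roles}")
    print("payload passes allowlist?", is_valid_name(PAYLOAD))
```

The allowlist is deliberately the second line of defense: rejecting quotes would block this particular payload, but only binding the value as a parameter removes the class of bug, which is why the SI-10 entry above points at parameterized queries rather than validation alone.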

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in Microsoft Configuration Manager enables arbitrary database queries for data collection (T1213.006), exploitation of a remote management service (T1210), and privilege escalation via the vulnerability (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges over an adjacent network.

Deeper analysis

CVE-2025-59213 is an SQL injection vulnerability (CWE-89) in Microsoft Configuration Manager, stemming from improper neutralization of special elements used in an SQL command. Published on 2025-10-14, it carries a CVSS v3.1 base score of 8.8 (High), with vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability.

An unauthenticated attacker (PR:N) on an adjacent network (AV:A) can exploit this vulnerability with low complexity and without user interaction; the adjacent-network requirement means the attacker must already have a foothold on a segment that can reach the vulnerable component, which is why this scores below a network-reachable flaw of the same impact. Successful exploitation enables privilege escalation within the affected Configuration Manager environment, which matters because Configuration Manager administrative access is used to deploy software and scripts to managed devices.

The Microsoft Security Response Center (MSRC) advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59213 provides details on mitigation and available patches. Security practitioners should consult this resource for specific remediation steps, such as applying updates to vulnerable installations.

Details

CWE(s)

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected Products

Microsoft Configuration Manager 2403, builds ≤ 5.00.9128.1035
Microsoft Configuration Manager 2409, builds ≤ 5.00.9132.1029
Microsoft Configuration Manager 2503, builds ≤ 5.00.9135.1008
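A triage helper for the Affected Products list above, added here as an example rather than any tool Microsoft ships. It assumes that the third dotted field of a Configuration Manager version (9128, 9132, 9135) identifies the branch, which is how the page's own list pairs branches with builds, and that fixed builds carry a higher fourth field than the listed maximum. Versions whose build number is not in the list are reported as unknown so the caller checks MSRC instead of assuming they are safe.

```python
from typing import Optional

# Highest vulnerable build per branch, copied from the Affected Products list.
AFFECTED = {
    "2403": "5.00.9128.1035",
    "2409": "5.00.9132.1029",
    "2503": "5.00.9135.1008",
}

# Build number -> branch, derived from the same list (an assumption that the
# third field identifies the branch; it is not stated by the advisory).
BRANCH_BY_BUILD = {9128: "2403", 9132: "2409", 9135: "2503"}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '5.00.9128.1035' into (5, 0, 9128, 1035) so tuples compare numerically.

    String comparison would be wrong here ('5.00.9128.999' > '5.00.9128.1035').
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(part.isdigit() for part in parts):
        raise ValueError(f"unexpected Configuration Manager version: {version!r}")
    return tuple(int(part) for part in parts)


def assess(site_version: str) -> tuple[Optional[str], Optional[bool]]:
    """Return (branch, affected) for a site version string.

    affected is True when the build is at or below the listed maximum for its
    branch, False when it is above it, and None (with branch None) when the
    build number is not one the advisory lists at all.
    """
    parsed = parse_version(site_version)
    branch = BRANCH_BY_BUILD.get(parsed[2])
    if branch is None:
        return None, None
    return branch, parsed <= parse_version(AFFECTED[branch])


if __name__ == "__main__":
    # Constructed sample versions; the site version itself would come from
    # the site properties in the Configuration Manager console or module.
    for sample in ("5.00.9128.1035", "5.00.9128.1036", "5.00.9135.1008", "5.00.9140.1000"):
        print(sample, "->", assess(sample))
```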

CVEs Like This One

CVE-2025-47954 (same vendor: Microsoft)
CVE-2025-59499 (same vendor: Microsoft)
CVE-2026-26116 (same vendor: Microsoft)
CVE-2025-49759 (same vendor: Microsoft)
CVE-2025-53727 (same vendor: Microsoft)
CVE-2026-20947 (same vendor: Microsoft)
CVE-2026-23669 (same vendor: Microsoft)
CVE-2026-21262 (same vendor: Microsoft)
CVE-2025-62550 (same vendor: Microsoft)
CVE-2025-21198 (same vendor: Microsoft)
