2025-10-31 16:45 CVE-2025-59501 microsoft
PUBLISHED 5.2 CWE-290

Microsoft Configuration Manager Spoofing Vulnerability

Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.

Problem type

Affected products

Microsoft

Microsoft Configuration Manager

< 5.00.9128.1037 - AFFECTED

Microsoft Configuration Manager 2409

< 5.00.9132.1031 - AFFECTED

References

GitHub Security Advisories

GHSA-9wxc-6566-9fgm

https://github.com/advisories/GHSA-9wxc-6566-9fgm

JSON source

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-59501",
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "dateUpdated": "2025-10-31T20:28:48.214Z",
    "dateReserved": "2025-09-17T03:06:33.547Z",
    "datePublished": "2025-10-31T16:45:40.699Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft",
        "dateUpdated": "2025-10-31T20:28:48.214Z"
      },
      "datePublic": "2025-10-24T07:00:00.000Z",
      "title": "Microsoft Configuration Manager Spoofing Vulnerability",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network."
        }
      ],
      "affected": [
        {
          "vendor": "Microsoft",
          "product": "Microsoft Configuration Manager",
          "platforms": [
            "Unknown"
          ],
          "versions": [
            {
              "version": "1.0.0",
              "status": "affected",
              "versionType": "custom",
              "lessThan": "5.00.9128.1037"
            }
          ]
        },
        {
          "vendor": "Microsoft",
          "product": "Microsoft Configuration Manager 2409",
          "platforms": [
            "Unknown"
          ],
          "versions": [
            {
              "version": "1.0.0",
              "status": "affected",
              "versionType": "custom",
              "lessThan": "5.00.9132.1031"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en-US",
              "description": "CWE-290: Authentication Bypass by Spoofing",
              "cweId": "CWE-290",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59501",
          "name": "Microsoft Configuration Manager Spoofing Vulnerability",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM"
          }
        }
      ]
    }
  }
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2025-59501