Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-47179 (GCVE-0-2025-47179)
Vulnerability from cvelistv5 – Published: 2025-11-11 17:59 – Updated: 2025-12-09 22:39
VLAI?
EPSS
Summary
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Configuration Manager |
Affected:
1.0.0 , < 5.00.9128.1037
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T04:57:11.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Configuration Manager",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.00.9128.1037",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Configuration Manager 2409",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.00.9132.1031",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.00.9128.1037",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2409:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.00.9132.1031",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T22:39:02.754Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Configuration Manager Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179"
}
],
"title": "Configuration Manager Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-47179",
"datePublished": "2025-11-11T17:59:34.472Z",
"dateReserved": "2025-05-01T17:10:57.981Z",
"dateUpdated": "2025-12-09T22:39:02.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47179\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-11-11T18:15:35.397\",\"lastModified\":\"2025-11-17T17:40:48.507\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:configuration_manager_2403:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.00.9128.1037\",\"matchCriteriaId\":\"DD3A7EF4-3494-4BE8-8ACA-C5DFF72CD6AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:configuration_manager_2409:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.00.9132.1031\",\"matchCriteriaId\":\"85ED19B5-E9EB-4203-8EF2-1C221B22CF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:configuration_manager_2503:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.9135.1013\",\"matchCriteriaId\":\"7C22B35A-E6F2-4FD5-AEA2-F31850DDA104\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2025-47179
Vulnerability from fkie_nvd - Published: 2025-11-11 18:15 - Updated: 2025-11-17 17:40
Severity ?
Summary
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | configuration_manager_2403 | * | |
| microsoft | configuration_manager_2409 | * | |
| microsoft | configuration_manager_2503 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2403:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3A7EF4-3494-4BE8-8ACA-C5DFF72CD6AC",
"versionEndExcluding": "5.00.9128.1037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2409:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED19B5-E9EB-4203-8EF2-1C221B22CF41",
"versionEndExcluding": "5.00.9132.1031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:configuration_manager_2503:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C22B35A-E6F2-4FD5-AEA2-F31850DDA104",
"versionEndExcluding": "5.0.9135.1013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-47179",
"lastModified": "2025-11-17T17:40:48.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-11-11T18:15:35.397",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
CNVD-2025-29931
Vulnerability from cnvd - Published: 2025-12-04
VLAI Severity ?
Title
Microsoft Configuration Manager权限提升漏洞
Description
Microsoft Configuration Manager是美国微软(Microsoft)公司的一套用于管理企业内部电脑和服务器的解决方案,它可以帮助IT部门保持软件更新、设置配置和安全策略,并监控系统状态。
Microsoft Configuration Manager存在权限提升漏洞,该漏洞是由于访问控制不当,攻击者可利用该漏洞提升权限。
Severity
中
Patch Name
Microsoft Configuration Manager权限提升漏洞的补丁
Patch Description
Microsoft Configuration Manager是美国微软(Microsoft)公司的一套用于管理企业内部电脑和服务器的解决方案,它可以帮助IT部门保持软件更新、设置配置和安全策略,并监控系统状态。
Microsoft Configuration Manager存在权限提升漏洞,该漏洞是由于访问控制不当,攻击者可利用该漏洞提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-47179
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47179
Impacted products
| Name | ['Microsoft Configuration Manager 2409', 'Microsoft Configuration Manager 2403', 'Microsoft Configuration Manager 2503'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-47179",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-47179"
}
},
"description": "Microsoft Configuration Manager\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7ba1\u7406\u4f01\u4e1a\u5185\u90e8\u7535\u8111\u548c\u670d\u52a1\u5668\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u53ef\u4ee5\u5e2e\u52a9IT\u90e8\u95e8\u4fdd\u6301\u8f6f\u4ef6\u66f4\u65b0\u3001\u8bbe\u7f6e\u914d\u7f6e\u548c\u5b89\u5168\u7b56\u7565\uff0c\u5e76\u76d1\u63a7\u7cfb\u7edf\u72b6\u6001\u3002\n\nMicrosoft Configuration Manager\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-47179",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-29931",
"openTime": "2025-12-04",
"patchDescription": "Microsoft Configuration Manager\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7ba1\u7406\u4f01\u4e1a\u5185\u90e8\u7535\u8111\u548c\u670d\u52a1\u5668\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u53ef\u4ee5\u5e2e\u52a9IT\u90e8\u95e8\u4fdd\u6301\u8f6f\u4ef6\u66f4\u65b0\u3001\u8bbe\u7f6e\u914d\u7f6e\u548c\u5b89\u5168\u7b56\u7565\uff0c\u5e76\u76d1\u63a7\u7cfb\u7edf\u72b6\u6001\u3002\r\n\r\nMicrosoft Configuration Manager\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u8bbf\u95ee\u63a7\u5236\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft Configuration Manager\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Microsoft Configuration Manager 2409",
"Microsoft Configuration Manager 2403",
"Microsoft Configuration Manager 2503"
]
},
"referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47179",
"serverity": "\u4e2d",
"submitTime": "2025-11-14",
"title": "Microsoft Configuration Manager\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
MSRC_CVE-2025-47179
Vulnerability from csaf_microsoft - Published: 2025-11-11 08:00 - Updated: 2025-11-11 08:00Summary
Configuration Manager Elevation of Privilege Vulnerability
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve.
{
"document": {
"acknowledgments": [
{
"names": [
"\u003ca href=\"https://x.com/_mayyhem\"\u003eChris Thompson\u003c/a\u003e with \u003ca href=\"https://specterops.io/\"\u003eSpecterOps\u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-47179 Configuration Manager Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179"
},
{
"category": "self",
"summary": "CVE-2025-47179 Configuration Manager Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-47179.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Configuration Manager Elevation of Privilege Vulnerability",
"tracking": {
"current_release_date": "2025-11-11T08:00:00.000Z",
"generator": {
"date": "2025-11-11T17:59:10.366Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-47179",
"initial_release_date": "2025-11-11T08:00:00.000Z",
"revision_history": [
{
"date": "2025-11-11T08:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.00.9128.1037",
"product": {
"name": "Microsoft Configuration Manager 2403 \u003c5.00.9128.1037",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "5.00.9128.1037",
"product": {
"name": "Microsoft Configuration Manager 2403 5.00.9128.1037",
"product_id": "12402"
}
}
],
"category": "product_name",
"name": "Microsoft Configuration Manager 2403"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.0.9135.1013",
"product": {
"name": "Microsoft Configuration Manager 2503 \u003c5.0.9135.1013",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "5.0.9135.1013",
"product": {
"name": "Microsoft Configuration Manager 2503 5.0.9135.1013",
"product_id": "16788"
}
}
],
"category": "product_name",
"name": "Microsoft Configuration Manager 2503"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.00.9132.1031",
"product": {
"name": "Microsoft Configuration Manager 2409 \u003c5.00.9132.1031",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "5.00.9132.1031",
"product": {
"name": "Microsoft Configuration Manager 2409 5.00.9132.1031",
"product_id": "20545"
}
}
],
"category": "product_name",
"name": "Microsoft Configuration Manager 2409"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47179",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "An attacker with access to any user account assigned the built-in CMPivot Administrator security role could exploit this vulnerability by escalating privileges. Specifically, they could assign themselves\u2014or another account\u2014the Full Administrator role (or any other elevated role), or modify existing role permissions. This would allow them to bypass intended security boundaries and gain unrestricted access across the hierarchy.",
"title": "How could an attacker exploit this vulnerability?"
},
{
"category": "faq",
"text": "An authorized attacker who successfully exploited this vulnerability could gain configuration manager administrator privileges.",
"title": "What privileges could be gained by an attacker who successfully exploited the vulnerability?"
}
],
"product_status": {
"fixed": [
"12402",
"16788",
"20545"
],
"known_affected": [
"1",
"2",
"3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-47179 Configuration Manager Elevation of Privilege Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179"
},
{
"category": "self",
"summary": "CVE-2025-47179 Configuration Manager Elevation of Privilege Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-47179.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-11T08:00:00.000Z",
"details": "5.00.9128.1037:Security Update:https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093",
"product_ids": [
"3"
],
"url": "https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093"
},
{
"category": "vendor_fix",
"date": "2025-11-11T08:00:00.000Z",
"details": "5.0.9135.1013:Security Update:https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/32851084",
"product_ids": [
"2"
],
"url": "https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2503/32851084"
},
{
"category": "vendor_fix",
"date": "2025-11-11T08:00:00.000Z",
"details": "5.00.9132.1031:Security Update:https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093",
"product_ids": [
"1"
],
"url": "https://learn.microsoft.com/en-us/intune/configmgr/hotfix/2409/35360093"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Elevation of Privilege"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Configuration Manager Elevation of Privilege Vulnerability"
}
]
}
CERTFR-2025-AVI-0998
Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | OneDrive pour Android versions antérieures à 7.42 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.1 antérieures à 2019.1.96.5 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.6 antérieures à 2019.6.36.39 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.7 antérieures à 2019.7.107.21 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2095.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.17 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 21) versions antérieures à 16.0.4222.2 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.10 antérieures à 2019.10.36.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2155.2 | ||
| Microsoft | N/A | PowerScribe One version 2023.1 SP2 Patch 7 antérieures à 2023.2.3027.0 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4455.2 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1.41.07 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3515.1 | ||
| Microsoft | N/A | Visual Studio Code versions antérieures à 1.105.0 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.3 antérieures à 7.0.197.8 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.4 antérieures à 2019.4.9.16 | ||
| Microsoft | N/A | Microsoft Visual Studio Code CoPilot Chat Extension versions antérieures à 0.32.5 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6475.1 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.3 antérieures à 2019.3.16.20 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.4 antérieures à 7.0.212.9 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5526.1001 | ||
| Microsoft | N/A | Microsoft Configuration Manager 2403 versions antérieures à 5.00.9128.1037 | ||
| Microsoft | N/A | Microsoft Configuration Manager 2503 versions antérieures à 5.0.9135.1013 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.5 antérieures à 7.0.243.17 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1160.1 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.9 antérieures à 7.0.528.18 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19127.20338 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.2 antérieures à 2019.2.9.8 | ||
| Microsoft | N/A | Dynamics 365 Field Service (online) versions antérieures à 8.8.139.398 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20068 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.7 antérieures à 7.0.316.9 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.9 antérieures à 2019.9.31.19 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.5 antérieures à 2019.5.14.39 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.6 antérieures à 7.0.277.26 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.2 antérieures à 7.0.154.16 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.8 antérieures à 2019.8.43.15 | ||
| Microsoft | N/A | Microsoft Configuration Manager 2409 versions antérieures à 5.00.9132.1031 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.1 antérieures à 7.0.111.66 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.8 antérieures à 7.0.427.13 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OneDrive pour Android versions ant\u00e9rieures \u00e0 7.42",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.1 ant\u00e9rieures \u00e0 2019.1.96.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.6 ant\u00e9rieures \u00e0 2019.6.36.39",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.7 ant\u00e9rieures \u00e0 2019.7.107.21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2095.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.14 ant\u00e9rieures \u00e0 17.14.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 21) versions ant\u00e9rieures \u00e0 16.0.4222.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.10 ant\u00e9rieures \u00e0 2019.10.36.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2155.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerScribe One version 2023.1 SP2 Patch 7 ant\u00e9rieures \u00e0 2023.2.3027.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4455.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 9.1.41.07",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3515.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code versions ant\u00e9rieures \u00e0 1.105.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.3 ant\u00e9rieures \u00e0 7.0.197.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.4 ant\u00e9rieures \u00e0 2019.4.9.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio Code CoPilot Chat Extension versions ant\u00e9rieures \u00e0 0.32.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6475.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.3 ant\u00e9rieures \u00e0 2019.3.16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.4 ant\u00e9rieures \u00e0 7.0.212.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5526.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Configuration Manager 2403 versions ant\u00e9rieures \u00e0 5.00.9128.1037",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Configuration Manager 2503 versions ant\u00e9rieures \u00e0 5.0.9135.1013",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.5 ant\u00e9rieures \u00e0 7.0.243.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1160.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.9 ant\u00e9rieures \u00e0 7.0.528.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19127.20338",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.2 ant\u00e9rieures \u00e0 2019.2.9.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Field Service (online) versions ant\u00e9rieures \u00e0 8.8.139.398",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20068",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.7 ant\u00e9rieures \u00e0 7.0.316.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.9 ant\u00e9rieures \u00e0 2019.9.31.19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.5 ant\u00e9rieures \u00e0 2019.5.14.39",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.6 ant\u00e9rieures \u00e0 7.0.277.26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.2 ant\u00e9rieures \u00e0 7.0.154.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.8 ant\u00e9rieures \u00e0 2019.8.43.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Configuration Manager 2409 versions ant\u00e9rieures \u00e0 5.00.9132.1031",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.1 ant\u00e9rieures \u00e0 7.0.111.66",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.8 ant\u00e9rieures \u00e0 7.0.427.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-62204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62204"
},
{
"name": "CVE-2025-59499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59499"
},
{
"name": "CVE-2025-62206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62206"
},
{
"name": "CVE-2025-30398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30398"
},
{
"name": "CVE-2025-62222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62222"
},
{
"name": "CVE-2025-62449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62449"
},
{
"name": "CVE-2025-62453",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62453"
},
{
"name": "CVE-2025-62214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62214"
},
{
"name": "CVE-2025-62210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62210"
},
{
"name": "CVE-2025-62211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62211"
},
{
"name": "CVE-2025-47179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47179"
},
{
"name": "CVE-2025-60722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60722"
}
],
"initial_release_date": "2025-11-12T00:00:00",
"last_revision_date": "2025-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0998",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-30398",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62206",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62206"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47179",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-60722",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60722"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62222",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62222"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59499",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59499"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62453",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62453"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62204",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62204"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62211"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62214",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62210"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62449",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62449"
}
]
}
CERTFR-2025-AVI-0998
Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | OneDrive pour Android versions antérieures à 7.42 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.1 antérieures à 2019.1.96.5 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.6 antérieures à 2019.6.36.39 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.7 antérieures à 2019.7.107.21 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2095.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.17 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 21) versions antérieures à 16.0.4222.2 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.10 antérieures à 2019.10.36.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2155.2 | ||
| Microsoft | N/A | PowerScribe One version 2023.1 SP2 Patch 7 antérieures à 2023.2.3027.0 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4455.2 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1.41.07 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3515.1 | ||
| Microsoft | N/A | Visual Studio Code versions antérieures à 1.105.0 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.3 antérieures à 7.0.197.8 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.4 antérieures à 2019.4.9.16 | ||
| Microsoft | N/A | Microsoft Visual Studio Code CoPilot Chat Extension versions antérieures à 0.32.5 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6475.1 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.3 antérieures à 2019.3.16.20 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.4 antérieures à 7.0.212.9 | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5526.1001 | ||
| Microsoft | N/A | Microsoft Configuration Manager 2403 versions antérieures à 5.00.9128.1037 | ||
| Microsoft | N/A | Microsoft Configuration Manager 2503 versions antérieures à 5.0.9135.1013 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.5 antérieures à 7.0.243.17 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1160.1 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.9 antérieures à 7.0.528.18 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19127.20338 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.2 antérieures à 2019.2.9.8 | ||
| Microsoft | N/A | Dynamics 365 Field Service (online) versions antérieures à 8.8.139.398 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20068 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.7 antérieures à 7.0.316.9 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.9 antérieures à 2019.9.31.19 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.5 antérieures à 2019.5.14.39 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.6 antérieures à 7.0.277.26 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.2 antérieures à 7.0.154.16 | ||
| Microsoft | N/A | Nuance PowerScribe One version 2019.8 antérieures à 2019.8.43.15 | ||
| Microsoft | N/A | Microsoft Configuration Manager 2409 versions antérieures à 5.00.9132.1031 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.1 antérieures à 7.0.111.66 | ||
| Microsoft | N/A | Nuance PowerScribe 360 version 4.0.8 antérieures à 7.0.427.13 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OneDrive pour Android versions ant\u00e9rieures \u00e0 7.42",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.1 ant\u00e9rieures \u00e0 2019.1.96.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.6 ant\u00e9rieures \u00e0 2019.6.36.39",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.7 ant\u00e9rieures \u00e0 2019.7.107.21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 14.0.2095.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.14 ant\u00e9rieures \u00e0 17.14.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 21) versions ant\u00e9rieures \u00e0 16.0.4222.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.10 ant\u00e9rieures \u00e0 2019.10.36.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2155.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerScribe One version 2023.1 SP2 Patch 7 ant\u00e9rieures \u00e0 2023.2.3027.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 32) versions ant\u00e9rieures \u00e0 15.0.4455.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 9.1.41.07",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31) versions ant\u00e9rieures \u00e0 14.0.3515.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code versions ant\u00e9rieures \u00e0 1.105.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.3 ant\u00e9rieures \u00e0 7.0.197.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.4 ant\u00e9rieures \u00e0 2019.4.9.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio Code CoPilot Chat Extension versions ant\u00e9rieures \u00e0 0.32.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR) versions ant\u00e9rieures \u00e0 13.0.6475.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.3 ant\u00e9rieures \u00e0 2019.3.16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.4 ant\u00e9rieures \u00e0 7.0.212.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016 versions ant\u00e9rieures \u00e0 16.0.5526.1001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Configuration Manager 2403 versions ant\u00e9rieures \u00e0 5.00.9128.1037",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Configuration Manager 2503 versions ant\u00e9rieures \u00e0 5.0.9135.1013",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.5 ant\u00e9rieures \u00e0 7.0.243.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1160.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.9 ant\u00e9rieures \u00e0 7.0.528.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.19127.20338",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.2 ant\u00e9rieures \u00e0 2019.2.9.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Field Service (online) versions ant\u00e9rieures \u00e0 8.8.139.398",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10417.20068",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.7 ant\u00e9rieures \u00e0 7.0.316.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.9 ant\u00e9rieures \u00e0 2019.9.31.19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.5 ant\u00e9rieures \u00e0 2019.5.14.39",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.6 ant\u00e9rieures \u00e0 7.0.277.26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.2 ant\u00e9rieures \u00e0 7.0.154.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe One version 2019.8 ant\u00e9rieures \u00e0 2019.8.43.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Configuration Manager 2409 versions ant\u00e9rieures \u00e0 5.00.9132.1031",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.1 ant\u00e9rieures \u00e0 7.0.111.66",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuance PowerScribe 360 version 4.0.8 ant\u00e9rieures \u00e0 7.0.427.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-62204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62204"
},
{
"name": "CVE-2025-59499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59499"
},
{
"name": "CVE-2025-62206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62206"
},
{
"name": "CVE-2025-30398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30398"
},
{
"name": "CVE-2025-62222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62222"
},
{
"name": "CVE-2025-62449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62449"
},
{
"name": "CVE-2025-62453",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62453"
},
{
"name": "CVE-2025-62214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62214"
},
{
"name": "CVE-2025-62210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62210"
},
{
"name": "CVE-2025-62211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62211"
},
{
"name": "CVE-2025-47179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47179"
},
{
"name": "CVE-2025-60722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60722"
}
],
"initial_release_date": "2025-11-12T00:00:00",
"last_revision_date": "2025-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0998",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-30398",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62206",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62206"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47179",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-60722",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60722"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62222",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62222"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59499",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59499"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62453",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62453"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62204",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62204"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62211"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62214",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62214"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62210"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62449",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62449"
}
]
}
GHSA-FHX9-G9RQ-H389
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30
VLAI?
Details
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
Severity ?
6.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-47179"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T18:15:35Z",
"severity": "MODERATE"
},
"details": "Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-fhx9-g9rq-h389",
"modified": "2025-11-11T18:30:20Z",
"published": "2025-11-11T18:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47179"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47179"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…