Main Vulnerability Database Exploits ID:12162 - Exploit for Authentication Bypass by Spoofing in Configuration Manager - CVE-2025-59501

ID:12162 - Exploit for Authentication Bypass by Spoofing in Configuration Manager - CVE-2025-59501

Published: November 28, 2025

Vulnerability identifier: #VU117794

Vulnerability risk: Medium

CVE-ID: CVE-2025-59501

CWE-ID: CWE-290

Exploitation vector: Adjecent network

Vulnerable software:
Configuration Manager

Link to public exploit:

https://github.com/garrettfoster13/CVE-2025-59501

Vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

the vulnerability exists due to improper authentication checks. Under certain circumstances a remote user can perform spoofing attack and gain access to sensitive information by modifying the user principal name (UPN) of a valid Microsoft Entra ID account or create a new Account to impersonate an Active Directory user with the same UPN that was not synchronized to Entra ID.

Remediation

Install updates from vendor's website.

ID:12162 - Exploit for Authentication Bypass by Spoofing in Configuration Manager - CVE-2025-59501

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human