Microsoft Configuration Manager Elevation of Privilege Vulnerability

Vulnerability

An improper access control vulnerability has been identified in Microsoft Configuration Manager. It allows an authorized attacker to elevate privileges locally. Specifically, an attacker holding a user account assigned the CMPivot Administrator role could exploit this vulnerability to gain Configuration Manager administrator privileges. They could then assign elevated roles, such as Full Administrator, to themselves or others, or modify existing role permissions, bypassing security boundaries and gaining unrestricted access across the hierarchy.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain administrative rights within Configuration Manager.

Remediation

A security update is available for Microsoft Configuration Manager versions 2403, 2409, and 2503. Instructions for obtaining and installing it are published on the Microsoft Learn website.

Added: Nov 11, 2025, 7:39 PM
Updated: Nov 11, 2025, 7:39 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 5.0
exploitability: 3.5
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.