CVE-2025-27743

Published: Apr 8, 2025Modified: Jul 10, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

Affected (15)

Products: Microsoft: System Center Data Protection Manager, System Center Operations Manager, System Center Orchestrator, System Center Service Manager, System Center Virtual Machine Manager

5 products

System Center Data Protection Manager

System Center Operations Manager

System Center Orchestrator

System Center Service Manager

System Center Virtual Machine Manager

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Microsoft System Center Data Protection Manager	Version 2019
Microsoft System Center Data Protection Manager	Version 2022
Microsoft System Center Data Protection Manager	Version 2025
Microsoft System Center Operations Manager	Version 2019
Microsoft System Center Operations Manager	Version 2022
Microsoft System Center Operations Manager	Version 2025
Microsoft System Center Orchestrator	Version 2019
Microsoft System Center Orchestrator	Version 2022
Microsoft System Center Orchestrator	Version 2025
Microsoft System Center Service Manager	Version 2019
Microsoft System Center Service Manager	Version 2022
Microsoft System Center Service Manager	Version 2025
Microsoft System Center Virtual Machine Manager	Version 2019
Microsoft System Center Virtual Machine Manager	Version 2022
Microsoft System Center Virtual Machine Manager	Version 2025

Related CWEs

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27743

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.