Apr 2025: Microsoft System Center Elevation of Privilege Vulnerability
CVE-2025-27743 Published on April 8, 2025

Microsoft System Center Elevation of Privilege Vulnerability
Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.

Vendor Advisory NVD

Weakness Type

What is an Untrusted Path Vulnerability?

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

CVE-2025-27743 has been classified to as an Untrusted Path vulnerability or weakness.


Products Associated with CVE-2025-27743

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft System Center Operations Manager
 
Microsoft System Center Data Protection Manager
 
Microsoft System Center Service Manager
 
Microsoft System Center Orchestrator
 
Microsoft System Center Virtual Machine Manager
 
Microsoft System Center Virtual Machine Manager 2022
 
Microsoft System Center Virtual Machine Manager 2019
 
Microsoft System Center Virtual Machine Manager 2025
 
Microsoft System Center Data Protection Manager 2025
 
Microsoft System Center Data Protection Manager 2022
 
Microsoft System Center Data Protection Manager 2019
 
Microsoft System Center Orchestrator 2019
 
Microsoft System Center Orchestrator 2022
 
Microsoft System Center Orchestrator 2025
 
Microsoft System Center Service Manager 2019
 
Microsoft System Center Service Manager 2022
 
Microsoft System Center Service Manager 2025
 
Microsoft System Center Operations Manager 2019
 
Microsoft System Center Operations Manager 2022
 
Microsoft System Center Operations Manager 2025
 

Affected Versions

Microsoft System Center Data Protection Manager 2019: Microsoft System Center Data Protection Manager 2022: Microsoft System Center Data Protection Manager 2025: Microsoft System Center Operations Manager 2019: Microsoft System Center Operations Manager 2022: Microsoft System Center Operations Manager 2025: Microsoft System Center Orchestrator 2019: Microsoft System Center Orchestrator 2022: Microsoft System Center Orchestrator 2025: Microsoft System Center Service Manager 2019: Microsoft System Center Service Manager 2022: Microsoft System Center Service Manager 2025: Microsoft System Center Virtual Machine Manager 2019: Microsoft System Center Virtual Machine Manager 2022: Microsoft System Center Virtual Machine Manager 2025:

Exploit Probability

EPSS
1.51%
Percentile
81.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.