CVEFinder.io

CVE-2025-55241

⛔ critical
🔍 Scan for this CVE
Summary

Azure Entra ID Elevation of Privilege Vulnerability

CVSS Score
10.0
Critical
EPSS Score
0.1
Exploit Probability
Published Date
2025-09-04
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Extremely High Risk - more severe than 100.0% of all 330,193 vulnerabilities in our database.

#1
Top 5% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Sep 18, 2025
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-09-24
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-287

📦 Affected Products 1

Vendor Product Status Affected Versions
microsoft entra_id Affected
v-

🔗 References 2

https://msrc.microsoft.com/update-guide/vulnerabilit...
Vendor Advisory
https://dirkjanm.io/obtaining-global-admin-in-every-...
Technical Description Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-33843 ⛔ critical 9.1 0.1 Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized ... 2026-05-22
CVE-2026-42901 ⛔ critical 10.0 0.0 Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. 2026-05-22
CVE-2026-40379 ⛔ critical 9.3 0.1 Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform ... 2026-05-12
CVE-2026-24305 ⛔ critical 9.3 0.1 Azure Entra ID Elevation of Privilege Vulnerability 2026-01-22
CVE-2025-59218 ⛔ critical 9.6 0.1 Azure Entra ID Elevation of Privilege Vulnerability 2025-10-09
CVE-2025-59246 ⛔ critical 9.8 0.1 Azure Entra ID Elevation of Privilege Vulnerability 2025-10-09
These CVEs affect the same products