CVE-2025-55241

Azure Entra ID Elevation of Privilege Vulnerability

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241	Vendor Advisory
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/	Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:entra_id:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-09-04 23:15

Updated : 2025-09-24 19:15

NVD link : CVE-2025-55241

Mitre link : CVE-2025-55241

CVE.ORG link : CVE-2025-55241

JSON object : View

Products Affected

microsoft

CWE

CWE-287

Improper Authentication