Token Leakage in Himmelblau for Microsoft Azure Entra ID and Intune
CVE-2025-54781

CVSS score: 2.8 (LOW)

Key Information:

Vendor:
CVE Published: 2 August 2025

What is CVE-2025-54781?

Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune, contains a vulnerability in version 1.0.0: when debugging is enabled, the himmelblaud_tasks service writes an Intune service access token to the system journal. The token is short-lived, but anyone who can read the journal can use it to determine the Intune compliance status of the host device, and it may also permit unauthorized administrative actions, even though the APIs for those actions are undocumented. The issue was fixed in version 1.1.0; users who cannot upgrade are advised to disable debugging in Himmelblau. Note that disabling debugging only stops new tokens from being logged; entries already written to the journal remain readable until the journal is rotated or vacuumed, although the short token lifetime limits their usefulness.

Affected Version(s)

himmelblau >= 1.0.0, < 1.1.0

CVSS V3.1

Score: 2.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published (2 August 2025)