Elevation of Privilege Vulnerability in Microsoft Azure Entra ID
CVE-2025-59246

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Microsoft Entra
Vendor: CVE Published:; 9 October 2025

What is CVE-2025-59246?

The vulnerability in Azure Entra ID allows for an elevation of privilege, which can potentially enable unauthorized access to sensitive resources and functionalities. Malicious actors could exploit this vulnerability to gain higher privilege levels within the Azure environment, posing a significant security risk. The potential for unauthorized access emphasizes the need for immediate awareness and mitigation measures to safeguard user accounts and organizational data.

Affected Version(s)

Microsoft Entra Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Sep 11, 2025

JSON