CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-59246

CVSS 9.8v3.1pub. 2025-10-09upd. 2025-10-16

Azure Entra ID Elevation of Privilege Vulnerability

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-306 (Missing Authentication for Critical Function), which means that a critical system function is accessible without requiring authentication. An attacker can remotely invoke this function without any privileges or user interaction and obtain elevated privileges in the Microsoft Azure Entra ID service.

Impact

An attacker can obtain unauthorized, elevated access to resources protected by Microsoft Azure Entra ID, potentially taking control of organizational identities, resources, and data.

Mitigation & patch

Apply patches available from the vendor according to references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59246. It is recommended to continuously monitor Microsoft Security Response Center communications for detailed remediation instructions.

Who is affected

Microsoft Entra ID — versions indicated in vendor references (Microsoft Security Response Center).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Entra Id

    APP
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-42901CRITICAL10.0PL ✓ten sam produkt

Błąd walidacji źródła w Microsoft Entra ID umożliwia privilege escalation

CVE-2026-33843CRITICAL9.1PL ✓ten sam produkt

Obejście uwierzytelnienia w Microsoft Azure Active Directory B2C

CVE-2026-40379CRITICAL9.3PL ✓ten sam produkt

Ujawnienie wrażliwych danych w Azure Entra ID umożliwiające spoofing

CVE-2026-35431CRITICAL10.0PL ✓ten sam produkt

SSRF w Microsoft Entra ID Entitlement Management umożliwia spoofing

CVE-2026-24305CRITICAL9.3PL ✓ten sam produkt

Microsoft Entra ID — Elevation of Privilege (nieautoryzowane podwyższenie uprawnień)