- Description
- Azure Entra ID Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- CNA Tags
- exclusively-hosted-service
- Products
- entra_id
CVSS 3.1
- Type
- Primary
- Base score
- 9.6
- Impact score
- 6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
- Severity
- CRITICAL
- secure@microsoft.com
- CWE-284
- Hype score
- Not currently trending
Azure Entra ID bug CVE-2025-59218 (CVSS 9.6) enables unauthenticated privilege escalation, alongside new SSRF and infinite loop issues in API services. Apply vendor fixes. #Vulnerability https://t.co/aWPumBKtkE
@threatcluster
4 Feb 2026
#securityupdate #microsoft #out-of-band 2025.10.9 Azure Entra elevation of privilege vulnerability CVE-2025-59218 Security Vulnerability Release date: October 9, 2025 - Microsoft https://t.co/GeQLDASw9T
@kawn2020
13 Oct 2025
🚨 CRITICAL: CVE-2025-59218 in Microsoft Entra enables privilege escalation via improper access control—no patch yet. User interaction required. Monitor for updates & tighten controls now! https://t.co/1akhezvdGy... https://t.co/E2pmV9pGeC
@offseq
10 Oct 2025
**CVE-2025-59218** is a critical elevation of privilege (EoP) vulnerability affecting Microsoft Azure Entra ID (formerly Azure Active Directory). This vulnerability allows an attacker to escalate their privileges within Azure Entra ID, potentially gaining administrative control
@CveTodo
9 Oct 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:entra_id:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D09E509F-AFF3-4991-877A-D197388E7AD4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]