CNNVD-202509-425 Information

CNNVD ID

CNNVD-202509-425

Related CVE

CVE-2025-55241

• CNNVD Published: 2025-09-04

Description (Chinese)

Microsoft Entra是美国Microsoft公司的一款身份与访问管理系统。 Microsoft Entra存在授权问题漏洞，该漏洞源于可能导致权限提升。

Description (English)

Microsoft Entra is an identity and access management system for Microsoft. Microsoft Entra has a mandate gap, which stems from the potential for higher competencies.

Hazard Level

Low

Vulnerability Type

授权问题

Affected Vendor

微软

Published

2025-09-04

Last Modified

2026-02-24

References

https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241

Patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241