Microsoft patches terrifyingly serious Entra ID privilege elevation vulnerability

Details have emerged about a now-patched flaw in Microsoft Entra ID which could have been exploited to gain access to any tenant of any company in the world. Tracked as CVE-2025-55241, the Azure Entra Elevation of Privilege Vulnerability has a CVSS 3.1 severity rating of 10.0. The security researcher who discovered the flaw said that he had “found the most impactful Entra ID vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world”. The vulnerability was made back in July by Dirk-jan Mollema while preparing for Black Hat… [Continue Reading]