June 12, 2026

CVE Watchtower


← Back to CVE List

CVE-2025-55241NVD

Vulnerability Summary

Azure Entra Elevation of Privilege Vulnerability
Severity Level
CRITICAL(10.0)
Published Date
Sep 4, 2025
Last Modified
Sep 18, 2025
Exploitation Status
????
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
CWE-287: Improper Authentication β†—
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

External References