CVE-2025-59246
Published 2025-10-09
CVE-2025-59246: Azure Entra ID Elevation of Privilege Vulnerability
Priority P267 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.94% (93.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_entra | — | — |
| msrc | microsoft_entra_id | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability has been fully mitigated server-side by Microsoft; no customer action or patch deployment is required.
- CVE is classified as 'Exploitation More Likely' despite not yet being publicly disclosed or exploited; defenders should monitor Azure Entra ID privilege escalation activity proactively.
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_msrc · 9.8 CRITICAL
Microsoft
Azure Entra ID Elevation of Privilege Vulnerability
vendor_msrc·2025-10-14·CVSS 9.8
CVE-2025-59246 [CRITICAL] CWE-306 Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
Description: Azure Entra ID Elevation of Privilege Vulnerability
FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?
This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.
Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.
Azure Entra ID: Azure Entra ID
Microsoft: Microsoft
Customer Action Required: No
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely
GHSA
GHSA-cxvj-x6pm-6vmv: Azure Entra ID Elevation of Privilege Vulnerability
ghsa_unreviewed·2025-10-09
CVE-2025-59246 [CRITICAL] CWE-306 GHSA-cxvj-x6pm-6vmv: Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
Checkpoint
20th October – Threat Intelligence Report
blogs_checkpoint·2025-10-20·CVSS 9.8
CVE-2025-61882 [CRITICAL] 20th October – Threat Intelligence Report
## 20th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th October, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
F5 has disclosed a cyber attack, reportedly carried out by a nation-state actor with long-term, persistent access to critical product development environments. The attacker exfiltrated files that included portions of BIG-IP source code and information about undisclosed vulnerabilities. Some stolen files also contained dat
Qualys
Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review
blogs_qualys·2025-10-14
Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review
As cybersecurity threats evolve, Microsoft’s October 2025 Patch Tuesday delivers one of the most comprehensive security updates of the year. Here’s a quick breakdown of what you need to know.
## Mi
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
blogs_bleepingcomputer·2025-10-14·CVSS 7.8
[HIGH] Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
## Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
## Lawrence Abrams
- 80 Elevation of Privilege Vulnerabilities
- 11 Security Feature Bypass Vulnerabilities
- 31 Remote Code Execution Vulnerabilities
- 28 Information Disclosure Vulnerabilities
- 11 Denial of Service Vulnerabilities
- 10 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released today by Microsoft. Therefore, the number of flaws does not include those fixed in Azure, Mariner, Microsoft Edge, and other vulnerabilities earlier this month.
Notably, Windows 10 reaches the end of support today, with this being the last Patch Tuesday where Microsoft provides free security updates to the venerable operating system.
To continue receiving security upd
Published: 2025-10-09