VDB
GCVE-110-CLOUD-2024-0025
GCVE-110-CLOUD-2024-0025
Advisory Published
Semperis researchers discovered vulnerabilities in Microsoft applications that allowed privilege elevation in Entra ID beyond expected authorization controls. The most severe finding enabled adding users to privileged roles, including Global Administrator, without proper permissions. The issues affected Device Registration Service, Viva Engage, and Microsoft Rights Management Service. Microsoft has since resolved the vulnerabilities.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Entra ID, Device Registration Service, Viva Engage, Microsoft Rights Management Service | — | — |
| Azure | Entra | — | — |
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.