VDB

GCVE-110-CLOUD-2025-0022

GCVE-110-CLOUD-2025-0022
Advisory Published
Vulnetix · Advisory published January 24, 2025
A configuration change in Entra ID allowed unprivileged users to update their own User Principal Names (UPNs) through interfaces like the Entra admin center and PowerShell. This could lead to impersonation risks. Microsoft quickly fixed the issue after it was reported. The vulnerability affected synchronized hybrid environments as well.

Affected Products

VendorProductVersionsPlatforms
AzureEntra ID

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›