VDB
GCVE-110-CLOUD-2025-0041
GCVE-110-CLOUD-2025-0041
Advisory Published
A bug in Entra ID restricted management administrative units allowed creating immutable users that couldn't be modified or disabled, even by Global Administrators. This could enable an attacker to protect a compromised account from containment. The issue was caused by a timing vulnerability when removing users from restricted AUs and required specific steps to remediate affected accounts.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Entra | — | — |
References
Entra ID Bug Creates Immutable Users
advisory
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.