VDB

GCVE-110-CLOUD-2025-0049

GCVE-110-CLOUD-2025-0049
Advisory Published
Vulnetix · Advisory published January 24, 2025
A configuration change in Entra ID allowed unprivileged users to update their own User Principal Names (UPNs) through interfaces like the Entra admin center and PowerShell. This could lead to impersonation risks. Microsoft quickly fixed the issue after it was reported. The vulnerability affected synchronized hybrid environments as well.

Affected Products

VendorProductVersionsPlatforms
AzureEntra

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›