
CVE-2025-59246 PoC — Azure Entra ID Elevation of Privilege Vulnerability

Associated Vulnerability
Title: Azure Entra ID Elevation of Privilege Vulnerability (CVE-2025-59246)
Description: Azure Entra ID Elevation of Privilege Vulnerability
Readme
## Overview

This repository advertises an exploit for CVE-2025-59246, a critical elevation of privilege vulnerability in Microsoft Entra ID (formerly Azure AD). According to the author, the flaw is a missing authentication check on an administrative endpoint in the Entra ID Graph API extension that lets a remote attacker assign high-privilege directory roles, such as Global Administrator, without credentials or user interaction. Note that the repository itself contains only this README (see the file snapshot below); no exploit code is published here.

If the claim holds, exploitation would give full control over an organization's identity management: user creation, permission grants, and access to any Azure resources linked to the tenant. The author states the exploit has been tested against production Entra ID tenants configured with default hybrid sync settings; no evidence of that testing is included in the repository.

## Technical Details

The author describes the vulnerability as affecting the Entra ID service principal management layer, specifically an internal API route used for role synchronization in hybrid environments: because of an oversight in the authentication middleware, requests to the role assignment function are said to bypass token validation when routed through a specific endpoint. No endpoint, parameter, or request sample is given.

The method is said to build on established Entra ID attack patterns, such as service principal hijacking and domain federation manipulation, while using a novel unauthenticated path. The claimed success rate is 95% on "unpatched tenants", tested from Windows and Linux. Bear in mind that Entra ID is a Microsoft-operated service: there is no customer-side patch for this CVE and a tenant cannot be "unpatched" in the usual sense, so a tenant administrator has no way to verify this claim.
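Whatever the truth of the claims above, the effect the README describes (a Global Administrator assignment that no legitimate administrator made) is something a defender can hunt for in the Entra ID directory audit log. The following is an added example, not code from this repository or from the vendor: it scans an export shaped like Microsoft Graph `GET /auditLogs/directoryAudits` for successful "Add member to role" events that grant a privileged role and were initiated either by nobody (no user and no app identity recorded) or by an identity outside an allowlist. The sample export, every UPN, id and timestamp in it, the allowlist, and the `find_suspicious_role_grants` helper are all constructed for this example.

```python
"""Hunt for privileged Entra ID role grants in a directoryAudits export (added example)."""
import json

# Roles whose assignment should always be attributable to an approved identity.
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Privileged Authentication Administrator",
}

# Constructed sample export, shaped like the Graph directoryAudit resource
# (activityDisplayName, initiatedBy, targetResources, modifiedProperties).
# All identifiers, UPNs and timestamps below are invented for this example.
SAMPLE_EXPORT = {"value": [
    {   # expected: a known admin grants a low-privilege role
        "id": "a1", "activityDateTime": "2025-10-15T09:12:00Z",
        "activityDisplayName": "Add member to role", "result": "success",
        "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}, "app": None},
        "targetResources": [{"userPrincipalName": "helpdesk@example.test", "modifiedProperties": [
            {"displayName": "Role.DisplayName", "newValue": "\"Helpdesk Administrator\""}]}],
    },
    {   # suspicious: Global Administrator granted with no initiating identity at all
        "id": "a2", "activityDateTime": "2025-10-15T09:40:00Z",
        "activityDisplayName": "Add member to role", "result": "success",
        "initiatedBy": {"user": None, "app": None},
        "targetResources": [{"userPrincipalName": "newuser@example.test", "modifiedProperties": [
            {"displayName": "Role.DisplayName", "newValue": "\"Global Administrator\""}]}],
    },
    {   # suspicious: Global Administrator granted by an app identity nobody approved
        "id": "a3", "activityDateTime": "2025-10-15T09:41:00Z",
        "activityDisplayName": "Add member to role", "result": "success",
        "initiatedBy": {"user": None, "app": {"displayName": "sync-helper", "servicePrincipalId": "0000"}},
        "targetResources": [{"userPrincipalName": "svc-backup@example.test", "modifiedProperties": [
            {"displayName": "Role.DisplayName", "newValue": "\"Global Administrator\""}]}],
    },
    {   # expected: a known admin grants Global Administrator (e.g. break-glass account)
        "id": "a4", "activityDateTime": "2025-10-15T10:05:00Z",
        "activityDisplayName": "Add member to role", "result": "success",
        "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}, "app": None},
        "targetResources": [{"userPrincipalName": "breakglass@example.test", "modifiedProperties": [
            {"displayName": "Role.DisplayName", "newValue": "\"Global Administrator\""}]}],
    },
]}


def _granted_role(entry):
    """Return the role name from the Role.DisplayName modified property, if any."""
    for target in entry.get("targetResources") or []:
        for prop in target.get("modifiedProperties") or []:
            if prop.get("displayName") == "Role.DisplayName":
                raw = prop.get("newValue") or ""
                try:
                    return json.loads(raw)  # Graph wraps the value in JSON quotes
                except json.JSONDecodeError:
                    return raw
    return None


def _initiator(entry):
    """Classify who performed the action: ('user', upn), ('app', name) or ('none', None)."""
    by = entry.get("initiatedBy") or {}
    user = by.get("user") or {}
    app = by.get("app") or {}
    if user.get("userPrincipalName"):
        return "user", user["userPrincipalName"]
    if app.get("displayName") or app.get("servicePrincipalId"):
        return "app", app.get("displayName") or app["servicePrincipalId"]
    return "none", None


def find_suspicious_role_grants(export, allowed_initiators):
    """Return privileged-role grants not attributable to an approved identity."""
    findings = []
    for entry in export.get("value", []):
        if entry.get("activityDisplayName") != "Add member to role":
            continue
        if entry.get("result") != "success":
            continue  # failed attempts are worth a separate review but are not grants
        role = _granted_role(entry)
        if role not in PRIVILEGED_ROLES:
            continue
        kind, who = _initiator(entry)
        if kind == "none":
            reason = "no initiating user or app recorded"
        elif who not in allowed_initiators:
            reason = f"initiated by unapproved {kind} {who!r}"
        else:
            continue
        targets = [t.get("userPrincipalName") or t.get("displayName")
                   for t in entry.get("targetResources") or []]
        findings.append({"id": entry.get("id"), "time": entry.get("activityDateTime"),
                         "role": role, "targets": targets, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_role_grants(SAMPLE_EXPORT, {"admin@example.test"}):
        print(finding)
```

The allowlist should be the small set of accounts and automation identities that are permitted to assign privileged roles in your tenant; everything else, and in particular a grant with no recorded initiator, is what an unauthenticated role-assignment path would look like in the audit trail.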

## Disclaimer
This is for security research and red teaming. Use only on authorized systems. Author assumes no liability for misuse.

## Purchase Information
The full source code and an automated deployment script are offered for sale; the author asks to be contacted at eviedejesu803@gmail.com for negotiation and a proof-of-exploit video.
File Snapshot

[4.0K] /data/pocs/85601785300735487cccb2b1e69590d6336d26e5
└── [1.6K] README.md

0 directories, 1 file