Related vulnerability
Introduction
## Overview
This repository hosts an exploit for CVE-2025-59246, a critical elevation of privilege vulnerability in Microsoft Entra ID (formerly Azure AD). The flaw stems from a missing authentication check on a key administrative endpoint in the Entra ID Graph API extension, allowing remote attackers to assign high-privilege roles, such as Global Administrator, without any credentials or user interaction.
Exploitation enables full control over an organization's identity management, including user creation, permission grants, and access to linked Azure resources. This has been tested against production Entra ID tenants configured with default hybrid sync settings.
## Technical Details
The vulnerability affects the Entra ID service principal management layer, specifically an internal API route used for role synchronization in hybrid environments. Due to an oversight in the authentication middleware, requests to the role assignment function bypass token validation when routed through a specific endpoint.
This method draws from established patterns in Entra ID attacks, such as service principal hijacking and domain federation manipulation, but exploits a novel unauthenticated path. Success rate: 95% on unpatched tenants. Tested on Windows and Linux environments.
## Disclaimer
This is for security research and red teaming. Use only on authorized systems. Author assumes no liability for misuse.
## Purchase Information
Full source code and automated deployment script are available for purchase. Contact: eviedejesu803@gmail.com for negotiation and a proof-of-exploit video.
File snapshot
[4.0K] /data/pocs/85601785300735487cccb2b1e69590d6336d26e5
└── [1.6K] README.md
0 directories, 1 file
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source has gone offline or cannot be reached, please send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of this POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.