Microsoft Entra OAuth Flaw Exposed Internal Apps to Unauthorized Access
by anonkiller - Sunday August 10, 2025 at 03:12 PM
#1
Researchers at Eye Security uncovered vulnerabilities in Microsoft’s Entra OAuth system that could allow attackers to gain unauthorized access to internal applications. The issue stemmed from misconfigurations in the OAuth consent process, where malicious applications could mimic legitimate ones and trick users into granting excessive permissions. This could lead to data theft, manipulation of AI models like Copilot, or access to sensitive internal tools. The flaw was reported to Microsoft in April 2025, patched by July 2025, and classified as moderate severity, but it highlights broader risks in cloud-based authentication systems, especially in hybrid environments. Eye Security noted parallels to earlier large-scale SharePoint vulnerabilities they discovered in July 2025, reinforcing that such misconfigurations are not isolated. The risks include business email compromise, lateral movement within networks, and targeted phishing. 


To mitigate these threats, organizations should immediately audit OAuth consents, enforce least-privilege access, use Entra ID governance tools to review and revoke suspicious permissions, and integrate automated scanning to detect anomalies. This incident underscores the balance between usability and security in OAuth and the need for stronger collaboration between vendors and researchers to prevent future exploits.
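As an added example (not part of the original post, and not code from Eye Security or Microsoft), the consent audit described above can be run as a triage pass over an export of delegated permission grants. The field names follow the Microsoft Graph `oauth2PermissionGrant` resource; the high-risk scope list, the allowlist and the sample records are assumptions constructed for illustration.

```python
# Added example: triage an export of Entra ID delegated permission grants.
# Field names follow the Microsoft Graph oauth2PermissionGrant resource;
# the scope list, allowlist and sample records are assumptions made here.

HIGH_RISK_SCOPES = {
    "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
    "Sites.ReadWrite.All", "Directory.ReadWrite.All", "User.ReadWrite.All",
}
# Hypothetical allowlist of already-reviewed client service principal IDs.
APPROVED_CLIENTS = {"11111111-aaaa-4aaa-8aaa-111111111111"}

def review_grant(grant, approved=APPROVED_CLIENTS, risky=HIGH_RISK_SCOPES):
    """Return the reasons a single grant needs human review (empty if none)."""
    scopes = set((grant.get("scope") or "").split())
    risky_by_name = {s.lower() for s in risky}  # compare case-insensitively
    hits = sorted(s for s in scopes if s.lower() in risky_by_name)
    reasons = []
    if hits:
        reasons.append("high-risk scopes: " + ", ".join(hits))
    if hits and grant.get("consentType") == "AllPrincipals":
        reasons.append("tenant-wide consent covers every user")
    if grant.get("clientId") not in approved:
        reasons.append("client not on the reviewed allowlist")
    return reasons

def audit(grants):
    """Map grant id -> reasons, keeping only grants with a finding."""
    findings = {}
    for grant in grants:
        reasons = review_grant(grant)
        if reasons:
            findings[grant["id"]] = reasons
    return findings

# Constructed sample export (not real tenant data).
SAMPLE_GRANTS = [
    {"id": "g1", "clientId": "11111111-aaaa-4aaa-8aaa-111111111111",
     "consentType": "Principal", "scope": "User.Read openid profile"},
    {"id": "g2", "clientId": "22222222-bbbb-4bbb-8bbb-222222222222",
     "consentType": "AllPrincipals",
     "scope": "Mail.ReadWrite offline_access Files.ReadWrite.All"},
    {"id": "g3", "clientId": "11111111-aaaa-4aaa-8aaa-111111111111",
     "consentType": "Principal", "scope": "mail.send"},
    {"id": "g4", "clientId": "33333333-cccc-4ccc-8ccc-333333333333",
     "consentType": "Principal", "scope": "User.Read"},
]

if __name__ == "__main__":
    for grant_id, reasons in audit(SAMPLE_GRANTS).items():
        print(grant_id, "->", "; ".join(reasons))
```

This covers delegated grants only; application permissions are stored as app role assignments and need a separate review.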