If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. 
A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. 
All the guest user needs are the permissions to create subscriptions in



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/06/beware-hidden-risk-in-your-entra.html