
"The first centered on undocumented impersonation tokens, called 'Actor tokens', that Microsoft uses in its back-end for service-to-service (S2S) communication. Secondly, a critical flaw in the Azure AD Graph API meant that it didn't properly validate the originating tenant, allowing these tokens to be used for cross-tenant access. 'Effectively this means that with a token I requested in my lab tenant I could authenticate as any user, including Global Admins, in any other tenant.'"
"Microsoft has patched a flaw in Entra ID (previously known as Azure Active Directory) that could have given an attacker full access to virtually every single Entra ID tenant in the world. The vulnerability, CVE-2025-55241, has been given the maximum CVSS score of 10.0, but doesn't appear to have been exploited in the wild. However, Dirk-jan Mollema, the security researcher who discovered the flaw, said it was 'the most impactful Entra ID vulnerability that I will probably ever find'."
Microsoft patched a flaw in Entra ID that could have granted an attacker full access to nearly every Entra ID tenant worldwide, with exceptions likely limited to national cloud deployments. The vulnerability, CVE-2025-55241, received a CVSS score of 10.0 and shows no evidence of exploitation in the wild. Two components combined to produce the impact: undocumented impersonation 'Actor' tokens used for service-to-service communication, and a flaw in the Azure AD Graph API that failed to validate the tenant a token originated from. With a token obtained in a lab tenant, an attacker could authenticate as any user, including Global Admins, in any other tenant. Because Actor tokens bypass Conditional Access, no tenant-specific mitigation was available to defenders. Access to the Azure AD Graph API at this level would allow any modification a Global Admin could make, including taking over existing identities or creating new ones.
Read at IT Pro