#azure-ad-graph-api

[ follow ]
#entra-id #cve-2025-55241 #actor-tokens #microsoft-entra-id #token-validation-vulnerability
Information security
fromIT Pro
14 hours ago

A terrifying Microsoft flaw could've allowed hackers to compromise 'every Entra ID tenant in the world'

A critical Entra ID vulnerability (CVE-2025-55241) could have allowed cross-tenant full administrative compromise via undocumented 'Actor' tokens and Azure AD Graph API validation flaws.
Information security
fromThe Hacker News
21 hours ago

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

A token validation flaw in Microsoft Entra ID could allow attackers to impersonate any user, including Global Administrators, enabling full tenant compromise.
[ Load more ]