#azure-ad-graph-api

Information security
from SecurityWeek
1 week ago

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

Undocumented Microsoft Actor tokens plus an Azure AD Graph validation flaw allowed cross-tenant impersonation without logging, enabling undetectable global Entra ID compromise.
Information security
from IT Pro
1 week ago

A terrifying Microsoft flaw could've allowed hackers to compromise 'every Entra ID tenant in the world'

A critical Entra ID vulnerability (CVE-2025-55241) could have allowed cross-tenant full administrative compromise via undocumented 'Actor' tokens and Azure AD Graph API validation flaws.
from The Hacker News
1 week ago

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no indication that the issue was exploited in the wild. It has been addressed by the Windows maker as of July 17, 2025, requiring no customer action.
Information security