A critical vulnerability (CVE-2025-55241) in Microsoft Entra ID allows attackers to impersonate Global Administrators across multiple tenants by combining invisible Actor tokens with a flaw in the Azure AD Graph API. Exploitation can expose sensitive data and tenant configurations without detection, which highlights significant security risks. #CVE202555241 #MicrosoftEntraID
Key points
- The vulnerability involves misuse of Actor tokens and a flaw in the Azure AD Graph API.
- Actor tokens are JWTs that facilitate inter-service communication, but they are not logged and cannot be detected by the affected tenant.
- The Azure AD Graph API flaw allows impersonation across tenants, breaching tenant isolation.
- Exploitation gives stealthy access to user data, tenant settings, application configurations, and recovery keys.
- Microsoft responded with fixes and mitigation measures, and detection relies on anomaly monitoring in audit logs.
Read More: https://thecyberexpress.com/cve-2025-55241-exposes-entra-id-admin-access/