A critical security flaw involving legacy actor tokens and a vulnerability in the Azure AD Graph API could have allowed worldwide access to Microsoft Entra ID tenants. Security researcher Dirk-jan Mollema discovered these issues; the resulting privilege escalation vulnerability has since been resolved. #AzureADGraph #ActorTokens
Key points
- Legacy actor tokens and a vulnerability in the Azure AD Graph API exposed Entra ID tenants to potential breaches.
- Actor tokens are unsigned, remain valid for 24 hours, and can be used to impersonate any user, which complicates security controls.
- Researcher Dirk-jan Mollema demonstrated how these tokens enable full tenant compromise and administrator impersonation.
- Microsoft plans to phase out actor tokens and patched the critical vulnerability, CVE-2025-55241, in September 2025.
- The flaw allowed attackers to generate impersonation tokens for high-privilege users without leaving a trace in the logs.