Azure AD Graph API authentication failure security flaw (CVE-2025-55241)
Vulnerability
Summary
CVE-2025-55241 is a critical token validation failure in Microsoft Entra ID and the legacy Azure AD Graph API that could let an attacker impersonate users, including Global Administrators, across any tenant. The flaw was disclosed by Dirk-jan Mollema, affects cross-tenant use of undocumented Actor tokens, and was addressed by Microsoft on July 17, 2025 with no indication of in-the-wild exploitation. It matters because the issue could bypass MFA, Conditional Access, and logging, enabling unauthorized modifications and full tenant compromise with limited visibility.
Related Happenings
Azure Backup for AKS privilege escalation flaw
Vulnerability
First: 16.05.2026 23:55
Last: 16.05.2026 23:55
Sources 1
About this happening:
A **critical Azure Backup for AKS** privilege-escalation flaw was independently validated, exposing Kubernetes clusters to **cluster-admin** takeover from the low-privileged **Bac...
Microsoft Windows 365 Office installation disruption
Service Disruption
First: 13.05.2026 14:53
Last: 13.05.2026 14:53
Sources 1
About this happening:
The **Windows 365** service update has introduced a **configuration change** that is blocking **Office downloads and installs** for some customers, disrupting access on cloud PCs....
Microsoft Universal Print share-creation disruption
Service Disruption
First: 22.04.2026 13:15
Last: 22.04.2026 13:15
Sources 1
About this happening:
**Microsoft Universal Print** is experiencing an ongoing **share-creation disruption** that can prevent printer shares from completing and leave users with **"Sharing Print Failed...
Microsoft Windows domain controller restart-loop disruption
Service Disruption
First: 17.04.2026 10:59
Last: 17.04.2026 10:59
Sources 1
About this happening:
**Microsoft** confirmed a **service disruption** affecting **Windows domain controllers** after the **April 2026 security update KB5082063**. The issue can trigger **LSASS crashes...
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Timeline
19.09.2025 16:47
Dirk-jan Mollema discloses CVE-2025-55241 in Azure AD Graph API
Initial Disclosure: Dirk-jan Mollema disclosed CVE-2025-55241, a Microsoft Entra ID elevation-of-privilege flaw in Azure AD Graph API that could let an attacker use Actor tokens for cross-tenant access and impersonate users, including global admins, across tenants. He said the flaw was addressed over the summer, had no indication of in-the-wild exploitation, and later prompted Microsoft to push an additional mitigation that blocks customers from requesting Actor tokens for Azure AD Graph.
Sources:
- Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues — www.darkreading.com — 19.09.2025 16:47
- Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants — thehackernews.com — 22.09.2025 08:47
- Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation — www.bleepingcomputer.com — 19.05.2026 17:00