
Critical Azure Entra ID Vulnerability Exposes Cross-Tenant Access Risks

1 unique source, 1 article

Summary


A critical elevation of privilege (EoP) vulnerability in Microsoft's Azure Entra ID (formerly Azure Active Directory) could have allowed unauthorized access to virtually any Entra ID tenant. The flaw, tracked as CVE-2025-55241, was discovered by Dirk-jan Mollema and affects the Azure AD Graph API, which is scheduled for deprecation. The vulnerability leverages undocumented 'Actor tokens' that bypass access control policies and can be used for cross-tenant access. The issue highlights significant security gaps in Azure's authentication stack, particularly around the use of unsigned tokens and the lack of proper logging and visibility. The flaw underscores ongoing concerns about Microsoft's security practices, especially following a previous CSRB report that criticized the company's security posture. Microsoft has addressed the vulnerability and implemented additional mitigations to block the ability to request Actor tokens for the Azure AD Graph API, enhancing defense-in-depth.

Timeline

  1. 19.09.2025 16:47 · 1 article

    Critical Azure Entra ID Vulnerability Disclosed

    A critical elevation of privilege (EoP) vulnerability in Microsoft's Azure Entra ID (formerly Azure Active Directory) was discovered by Dirk-jan Mollema. The flaw, tracked as CVE-2025-55241, affects the Azure AD Graph API and leverages undocumented Actor tokens to allow cross-tenant access. The vulnerability highlights significant security gaps in Azure's authentication stack, particularly around the use of unsigned tokens and the lack of proper logging and visibility. Microsoft has addressed the vulnerability and implemented additional mitigations to block the ability to request Actor tokens for the Azure AD Graph API, enhancing defense-in-depth.


Information Snippets

  • The vulnerability, CVE-2025-55241, received a CVSS score of 10.0, indicating critical severity.

    First reported: 19.09.2025 16:47 (1 source, 1 article)
  • The flaw stems from an authentication failure in the Azure AD Graph API, which is scheduled for deprecation.
  • Actor tokens, designed for backend service-to-service communications, lack access control policies and can be used to elevate privileges.
  • The vulnerability allows for cross-tenant access by exploiting the Azure AD Graph API and modifying Actor tokens.
  • The flaw was discovered in July 2025 by Dirk-jan Mollema, who presented his findings at Black Hat USA 2025 and DEF CON 33.
  • The vulnerability highlights significant security gaps in Azure's authentication stack, particularly around the use of unsigned tokens and lack of proper logging.
  • Microsoft has addressed the vulnerability and implemented additional mitigations to block the ability to request Actor tokens for the Azure AD Graph API.