Microsoft Entra ID security patch for CVE-2025-55241
Security Patch Release
Summary
Microsoft addressed CVE-2025-55241 in Microsoft Entra ID on July 17, 2025, closing a critical token validation flaw that could enable cross-tenant impersonation, including Global Administrator access. The fix covered the identity platform and the legacy Azure AD Graph API (graph.windows.net) path implicated in the issue. Microsoft said no customer action was required, and there was no indication of in-the-wild exploitation.
Related Happenings
Microsoft Windows 365 Office installation disruption
Service Disruption
First: 13.05.2026 14:53
Last: 13.05.2026 14:53
Sources 1
About this happening:
The **Windows 365** service update has introduced a **configuration change** that is blocking **Office downloads and installs** for some customers, disrupting access on cloud PCs....
Microsoft May 2026 Patch Tuesday release
Security Patch Release
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store
Security Tool/Service
First: 03.05.2026 21:11
Last: 03.05.2026 21:11
Sources 1
About this happening:
**Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...
Microsoft classic Outlook Gmail and Yahoo sync disruption
Service Disruption
First: 24.03.2026 17:12
Last: 24.03.2026 17:12
Sources 1
About this happening:
The **classic Outlook** synchronization failure affecting **Gmail** and **Yahoo** accounts has been fixed, restoring email access for impacted users. Microsoft said the bug produc...
Microsoft Exchange Online mailbox access disruption
Service Disruption
First: 23.03.2026 14:17
Last: 23.03.2026 14:17
Sources 1
About this happening:
The **Exchange Online** service is undergoing an **ongoing mailbox access disruption** that can stop some users from opening cloud mailboxes through **Outlook mobile** and the **n...
Timeline
- 22.09.2025 08:47 · 1 article
Dirk-jan Mollema reports Entra ID token validation flaw
Initial Disclosure: Security researcher Dirk-jan Mollema reported a critical token validation failure in Microsoft Entra ID, which allowed abuse of service-to-service (S2S) actor tokens from the Access Control Service (ACS) together with a tenant-validation gap in the legacy Azure AD Graph API. This made it possible to impersonate Global Administrators across nearly every Entra ID tenant, with likely exceptions for national cloud deployments.
Sources:
- Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants — thehackernews.com — 22.09.2025 08:47
- 22.09.2025 08:47 · 2 articles
Microsoft addresses CVE-2025-55241 in Microsoft Entra ID
Mitigation Patch Update: Microsoft addressed CVE-2025-55241 in Microsoft Entra ID on July 17, 2025, fixing the critical token validation failure tied to legacy Azure AD Graph API actor-token abuse and requiring no customer action; Microsoft also said there was no indication of in-the-wild exploitation.
Sources:
- Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants — thehackernews.com — 22.09.2025 08:47
- Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants — thehackernews.com — 22.09.2025 08:47