A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant.
The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no indication that the issue was exploited in the wild. It has been addressed by the Windows maker as of July 17, 2025, requiring no customer action. The CVE was formally issued on September 4.
Security researcher Dirk-jan Mollema, who discovered and reported the shortcoming on July 14, said the shortcoming made it possible to compromise every Entra ID tenant in the world, with the likely exception of national cloud deployments.
The problem stems from a combination of two components: the use of service-to-service (S2S) actor tokens issued by the Access Control Service (ACS) and a fatal flaw in the legacy Azure AD Graph API (graph.windows.net) that did not adequately validate the originating tenant, which effectively allowed the tokens to be used for cross-tenant access.
What makes this noteworthy is that the tokens are subject to Microsoft’s Conditional Access policies, enabling a bad actor with access to the Graph API to make unauthorized modifications. To make matters worse, the lack of API level logging for the Graph API meant that it could be exploited to access user information stored in Entra ID, group and role details, tenant settings, application permissions, and device information and BitLocker keys synced to Entra ID without leaving any traces.
An impersonation of the Global Administrator could allow an attacker to create new accounts, grant themselves additional permissions, or exfiltrate sensitive data, resulting in a full tenant compromise with access to any service that uses Entra ID for authentication, such as SharePoint Online and Exchange Online.
“It would also provide full access to any resource hosted in Azure, since these resources are controlled from the tenant level and Global Admins can grant themselves rights on Azure subscriptions,” Mollema noted.
Microsoft has characterized such instances of cross-tenant access as a case of “High-privileged access” (HPA) that “occurs when an application or service obtains broad access to customer content, allowing it to impersonate other users without providing any proof of user context.”
It’s worth noting that the Azure AD Graph API has been officially deprecated and retired as of August 31, 2025, with the tech giant urging users to migrate their apps to Microsoft Graph. The initial announcement of the deprecation was made in 2019.
“Applications that were configured for extended access that still depend on Azure AD Graph APIs will not be able to continue using these APIs starting in early September 2025,” Microsoft noted back in late June 2025.
Cloud security company Mitiga said a successful exploitation of CVE-2025-55241 can bypass multi-factor authentication (MFA), Conditional Access, and logging, leaving no trail of the incident.
“Attackers could craft these [actor] tokens in ways that tricked Entra ID into thinking they were anyone, anywhere,” Mitiga’s Roei Sherman said. “The vulnerability arose because the legacy API failed to validate the tenant source of the token.”
“This meant that an attacker could obtain an Actor token from their own, non-privileged test environment and then use it to impersonate a Global Admin in any other company’s tenant. The attacker didn’t need any pre-existing access to the target organization.”
Previously, Mollema also detailed a high-severity security flaw affecting on-premise versions of Exchange Server (CVE-2025-53786, CVSS score: 8.0) that could allow an attacker to gain elevated privileges under certain conditions. Another piece of research found that Intune certificate misconfigurations (such as spoofable identifiers) can be abused by regular users to perform an ESC1 attack targeting Active Directory environments.
The development comes weeks after Binary Security’s Haakon Holm Gulbrandsrud disclosed that the shared API Manager (APIM) instance used to facilitate software-as-a-service (SaaS) connectors can be invoked directly from the Azure Resource Manager to achieve cross-tenant access.
“API Connections allow anyone to fully compromise any other connection worldwide, giving full access to the connected backend,” Gulbrandsrud said. “This includes cross-tenant compromise of Key Vaults and Azure SQL databases, as well as any other externally connected service, such as Jira or Salesforce.”
It also follows the discovery of several cloud-related flaws and attack methods in recent weeks –
- An Entra ID OAuth misconfiguration that granted unauthorized access to Microsoft’s Engineering Hub Rescue even with a personal Microsoft account, exposing 22 internal services and associated data.
- An attack that exploits Microsoft OneDrive for Business Known Folder Move (KFM) feature, allowing a bad actor who compromises a Microsoft 365 user with OneDrive sync to gain access to their apps and files synced to SharePoint Online.
- The leak of Azure AD application credentials in a publicly accessible Application Settings (appsettings.json) file that could have been exploited to authenticate directly against Microsoft’s OAuth 2.0 endpoints, and exfiltrate sensitive data, deploy malicious apps, or escalate privileges.
- A phishing attack containing a link to a rogue OAuth application registered in Microsoft Azure that tricked a user into granting it permissions to extract Amazon Web Services (AWS) access keys for a sandbox environment within the compromised mailbox, allowing unknown actors to enumerate AWS permissions and exploit a trust relationship between the sandbox and production environments to elevate privileges, gain complete control over the organization’s AWS infrastructure, and exfiltrate sensitive data.
- An attack that involves exploiting Server-Side Request Forgery (SSRF) vulnerabilities in web applications to send requests to the AWS EC2 metadata service with the goal of accessing the Instance Metadata Service (IMDS) to compromise cloud resources by retrieving temporary security credentials assigned to the instance’s IAM role.
- A now-patched issue in AWS’s Trusted Advisor tool that could be exploited to sidestep S3 Security Checks by tweaking certain storage bucket policies, causing the tool to incorrectly report publicly-exposed S3 buckets as secure, thereby leaving sensitive data exposed to data exfiltration and data breaches.
- A technique code AWSDoor that modifies IAM configurations related to AWS role and trust policies to set up persistence on AWS environments.
The findings show that even all-too-common misconfigurations in cloud environments can have disastrous consequences for the organizations involved, leading to data theft and other follow-on attacks.
“Techniques such as AccessKey injection, trust policy backdooring, and the use of NotAction policies allow attackers to persist without deploying malware or triggering alarms,” RiskInsight researchers Yoann Dequeker and Arnaud Petitcol said in a report published last week.
“Beyond IAM, attackers can leverage AWS resources themselves – such as Lambda functions and EC2 instances – to maintain access. Disabling CloudTrail, modifying event selectors, deploying lifecycle policies for silent S3 deletion, or detaching accounts from AWS Organizations are all techniques that reduce oversight and enable long-term compromise or destruction.”
