Microsoft Entra ID vulnerability re-scored to perfect 10 critical, allows global admin control on all tenants
Take action: Microsoft has already fixed this critical vulnerability globally, so no action is required from your side. But be aware of this fault when evaluating the vendor.
Learn More
Microsoft has reclassified a critical security vulnerability in its Entra ID (formerly Azure Active Directory) service that could have enabled attackers to compromise virtually every tenant globally.
The flaw, tracked as CVE-2025-55241 and now rated with a CVSS score of 10.0, was discovered by Dutch security researcher Dirk-jan Mollema from Outsider Security while preparing for Black Hat USA 2025 and DEF CON 33 presentations in July 2025. Mollema described it as "the most impactful Entra ID vulnerability that I will probably ever find" and noted that "this vulnerability could have allowed me to compromise every Entra ID tenant in the world".
The critical flaw stems from two interconnected components within Microsoft's authentication infrastructure:
- Undocumented, internal-use tokens called "Actor tokens" that Microsoft services use to communicate with each other on behalf of users. These are unsigned authentication tokens generated by what appears to be a legacy service called "Access Control Service" and "lack almost every security control that you would want":
  - they cannot be revoked within their 24-hour lifespan,
  - they bypass Conditional Access policies,
  - they have extremely limited visibility,
  - requesting Actor tokens generates no logs.
- A flaw in the older Azure AD Graph API that failed to properly validate that an incoming Actor token originated from the same tenant it was trying to access. The Azure AD Graph API is a legacy REST API that Microsoft introduced years ago for interacting programmatically with Azure Active Directory. By altering the tenant ID in an impersonation token, Mollema discovered he could query data in other tenants, noting "I could indeed access data in other tenants, as long as I knew their tenant ID (which is public information) and the netID of a user in that tenant".
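The second component above is a missing tenant-binding check: the API accepted a token and served directory data without confirming that the tenant the token was issued for matched the tenant whose data was being requested. The following is an added illustration, not Microsoft's code and not the Azure AD Graph implementation; it uses a constructed HMAC-signed token format with assumed claim names (`aud`, `tid`, `sub`) to show the vulnerable pattern beside the hardened one, and why a signature matters when a claim such as the tenant ID must not be alterable by the caller.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real token service would use asymmetric keys.
DEMO_KEY = b"constructed-demo-key-not-real"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Mint a compact 'payload.signature' token (assumed format)."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def parse_token(token: str, key: bytes = DEMO_KEY) -> dict:
    """Verify the signature and return the claims; reject tampering."""
    payload, sig = token.split(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(_unb64(payload))


def authorize_vulnerable(token: str, requested_tenant: str, key: bytes = DEMO_KEY) -> bool:
    """The pattern the article describes: the token is accepted for any
    tenant, because the tenant it was issued for is never compared with
    the tenant whose directory is being read."""
    claims = parse_token(token, key)
    return claims.get("aud") == "graph"


def authorize_hardened(token: str, requested_tenant: str, key: bytes = DEMO_KEY) -> bool:
    """Hardened form: audience check plus tenant binding."""
    claims = parse_token(token, key)
    if claims.get("aud") != "graph":
        return False
    # The tenant the token was issued for (assumed claim 'tid') must be
    # the tenant whose data the request targets.
    return claims.get("tid") == requested_tenant


def signature_rejects_tampered_tenant(token: str, new_tid: str, key: bytes = DEMO_KEY) -> bool:
    """Integrity check: rewriting the tenant claim while keeping the old
    signature must fail verification. Returns True if it is rejected."""
    payload, sig = token.split(".")
    claims = json.loads(_unb64(payload))
    claims["tid"] = new_tid
    rewritten = f"{_b64(json.dumps(claims, sort_keys=True).encode())}.{sig}"
    try:
        parse_token(rewritten, key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    tok = mint_token({"aud": "graph", "tid": "tenant-A", "sub": "user-1"})
    print("vulnerable, cross-tenant:", authorize_vulnerable(tok, "tenant-B"))  # True
    print("hardened, cross-tenant:  ", authorize_hardened(tok, "tenant-B"))    # False
    print("hardened, same tenant:   ", authorize_hardened(tok, "tenant-A"))    # True
    print("tampered tid rejected:   ", signature_rejects_tampered_tenant(tok, "tenant-B"))
```

The design point is that tenant isolation has to be enforced at the resource server on every request, against a claim the caller cannot rewrite; a token format without a signature (as the article says Actor tokens were) leaves that claim at the mercy of whoever holds the token.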
An attacker exploiting CVE-2025-55241 could bypass multi-factor authentication (MFA), Conditional Access, and logging, leaving no trail of the incident. An attacker who obtained and replayed such a token could read and modify directory data, create service principals, change roles, and take control of applications and policies, effectively achieving full tenant compromise in many cases. The attack progression allowed attackers to impersonate regular users to enumerate information, identify Global Admins and craft tokens for them, and achieve full tenant takeover with access extending to Microsoft 365 and Azure resources.
Mollema noted, "none of these actions would generate any logs in the victim tenant". Even the supposedly secret netID values of users weren't safe, as Mollema found they were incremental and brute-forceable, making it feasible to guess valid IDs within minutes. Only some write actions, such as user creation or configuration changes, might produce audit logs, and even then they appeared as if executed by legitimate Global Admins.
The researcher reported the vulnerability to the Microsoft Security Response Center (MSRC) on July 14, 2025, and Microsoft acknowledged the severity and deployed a global fix by July 17, 2025. Further mitigations were rolled out in August to prevent applications from requesting these types of Actor tokens for the Azure AD Graph API. Microsoft published the CVE designation on September 4, 2025, with the full technical details disclosed on September 17, 2025.
According to Microsoft's investigation of its internal telemetry, no evidence of this vulnerability being abused in the wild was found. Tom Gallagher, Vice President of Engineering at Microsoft Security Response Center, stated that Microsoft "mitigated the newly identified issue quickly, and accelerated the remediation work underway to decommission this legacy protocol usage, as part of our Secure Future Initiative". The advisory noted that "there is no action for users of this service to take" as the vulnerability had been fully mitigated.