Entra ID vulnerability exposes gaps in cloud identity trust models, experts warn

Security researchers are warning about a max-severity vulnerability in Microsoft Entra ID (formerly Azure Active Directory) that could potentially allow attackers to impersonate any user in any tenant, including Global Administrators, without triggering MFA or Conditional Access and without leaving any normal sign-in or audit trail.

The flaw, first reported by red-teamer Dirk-jan Mollema, exploited “Actor tokens,” a hidden Microsoft mechanism normally used for internal delegation, by manipulating a legacy API that failed to validate the originating tenant.

According to Mitiga’s further breakdown of the exploit, an attacker in a benign environment could request an Actor token, then use it to pose as a privileged user in a completely separate organization.

“The vulnerability arose because the legacy API failed to validate the tenant source of the Actor token,” Mitiga researchers said in a blog post. “Once impersonating a Global Admin, they could create new accounts, grant themselves permissions, or exfiltrate sensitive data.”

The bug, tracked as CVE-2025-55241, was reported to Microsoft in July; the company confirmed a few days later that a fix had been developed and pushed to global production.

One token to rule them all

At the heart of the problem is a combination of the Actor token mechanism and a misconfigured API. Actor tokens are internal tools enabling services to act on behalf of users or other services within Microsoft’s infrastructure.

What Mollema discovered is that one API, the Azure AD Graph API, did not check the tenant of an Actor token, meaning an attacker could request a token in their own test or low-privilege tenant and use it to impersonate an admin user in another, unrelated tenant. Azure AD Graph is a legacy REST API that Microsoft introduced years ago for interacting programmatically with Azure Active Directory (now Entra ID).

According to Mitiga, an Actor token could be crafted using the Tenant ID and netID values of target users, which can be obtained through guest accounts, leaked logs, or even brute force. The crafted (requested) Actor token, which Azure AD Graph did not scrutinize for its source tenant, could then be used to impersonate a Global Administrator.
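The missing check described above, reduced to a toy model. This is an added illustration, not Microsoft's code and not the real Actor token format: it assumes a minimal HMAC-signed token carrying an issuing-tenant claim (`iss_tenant`) and an impersonation claim (`act_tenant`, `act_user`), and shows a validator that trusts any correctly signed token (the behaviour the article attributes to the legacy API) beside one that also requires the token to originate from the tenant it is used against.

```python
"""Toy model of a cross-tenant validation gap in an "actor token" validator.

Constructed illustration only: the token layout, claim names and signing
scheme are assumptions for the demo, not Microsoft's implementation.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Stands in for a platform-internal signing key shared by all tenants.
SIGNING_KEY = b"constructed-demo-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_actor_token(issuing_tenant: str, target_tenant: str, target_user: str) -> str:
    """Issue a signed token: the requesting tenant plus whom it wants to act as."""
    claims = {
        "iss_tenant": issuing_tenant,   # tenant that requested the token
        "act_tenant": target_tenant,    # tenant the impersonated user lives in
        "act_user": target_user,        # user to impersonate (netID in the article)
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def _verify_signature(token: str) -> Optional[dict]:
    """Return the claims if the HMAC is valid, else None."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(_unb64(body))


def legacy_accepts(token: str, resource_tenant: str) -> bool:
    """Signature check only: a validly signed token from ANY tenant is honoured.

    This is the gap the article describes: nothing ties the token's
    issuing tenant to the tenant whose directory is being accessed.
    """
    claims = _verify_signature(token)
    return claims is not None and claims["act_tenant"] == resource_tenant


def hardened_accepts(token: str, resource_tenant: str) -> bool:
    """Also require that the token was issued by the tenant it is used against."""
    claims = _verify_signature(token)
    if claims is None:
        return False
    return (
        claims["iss_tenant"] == resource_tenant
        and claims["act_tenant"] == resource_tenant
    )


if __name__ == "__main__":
    # Constructed scenario: a token minted in tenant-A naming an admin in tenant-B.
    cross = mint_actor_token("tenant-A", "tenant-B", "global-admin")
    print("legacy validator accepts cross-tenant token:", legacy_accepts(cross, "tenant-B"))
    print("hardened validator accepts cross-tenant token:", hardened_accepts(cross, "tenant-B"))
```

The point of the model is the single missing comparison: once the validator demands `iss_tenant == resource_tenant`, a token minted elsewhere fails closed regardless of how well-formed or well-signed it is. A real fix would also confine which internal services may present such tokens at all, which is what the article says Microsoft's patch did by blocking Actor tokens for Azure AD Graph calls.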

“This would result in full tenant compromise with access to any service that uses Entra ID for authentication, such as SharePoint Online and Exchange Online,” Mollema had revealed in a blog post last week. “It would also provide full access to any resource hosted in Azure, since these resources are controlled from the tenant level and Global Admins can grant themselves rights on Azure subscriptions.”

Adding to the threat, requesting Actor tokens generates no logs, so the technique leaves no log entries, triggers no Conditional Access enforcement, and produces no MFA prompts.

Patching is done, yet the risk lingers

While CVE-2025-55241 initially carried a maximum base severity score of 10.0 out of 10, Microsoft later revised its advisory on September 4 to rate the flaw at 8.7, reflecting its own exploitability assessment.

Microsoft rolled out a fix globally within days of the initial report, adding that its internal telemetry did not reveal any evidence of exploitation until that time. The patch blocked Actor tokens from being requested for Azure AD Graph API calls and introduced further mitigations to close off the impersonation vector.

Additionally, the technology giant published a blog post about removing insecure legacy practices from its environment, though Mollema complained that it gave no details on how many services still use these tokens. “This vulnerability has already been fully mitigated by Microsoft,” Microsoft said in the advisory. “There is no action for users of this service to take.”

“We mitigated the newly identified issue quickly, and accelerated the remediation work underway to decommission this legacy protocol usage, as part of our Secure Future Initiative (SFI),” said Tom Gallagher, VP of Engineering at Microsoft Security Response Center (MSRC). “We implemented a code change within the vulnerable validation logic, tested the fix, and applied it across our cloud ecosystem. We found no evidence of abuse of this vulnerability, and to maintain transparency, we issued a no-action CVE-2025-55241.”

The Mitiga team stresses that the problem highlights a broader category of risk: hidden trust deep in cloud identity systems. “Microsoft has patched it, but the lack of historical visibility means defenders still can’t be sure whether it was used in the past,” the team added. “That uncertainty is the point: attackers keep looking for invisible pathways. Defenders need visibility everywhere – before, during, and after exploitation.”
