CVE-2025-55241

Published Sep 4, 2025

Last updated 2 months ago

CVSS critical 10.0
Microsoft Azure Entra

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-55241 is an elevation of privilege vulnerability affecting Microsoft Azure Entra ID. It is categorized under CWE-287 (Improper Authentication). The flaw lies in Azure Entra code that incorrectly manages permissions: by sending a specially crafted request, an attacker can elevate their privilege level. This could lead to unauthorized data access or manipulation, potentially compromising the system's integrity and confidentiality. As of September 2025, there are no public technical details, exploitation code, or root cause analysis available for this specific vulnerability. However, similar Azure Entra ID privilege escalation vulnerabilities involve service principal permission abuse, OAuth scope misconfigurations, hybrid identity synchronization weaknesses, and exploitation of undocumented permissions in Microsoft first-party applications. Applying the vendor's patch is the best way to mitigate this vulnerability.

Description: Azure Entra ID Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Modified
CNA Tags: exclusively-hosted-service
Products: entra_id

Risk scores

CVSS 3.1
Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

secure@microsoft.com: CWE-287

Social media

Hype score
Not currently trending
  1. CVE-2025-55241 could let attackers impersonate any user (even Global Admins). Governance, revoking unused privileges, and killing legacy identity paths matter. #cybersecurity #infosec #itsecurity https://t.co/7vZEvc10cB

    @TrustleSecurity

    20 Nov 2025

    52 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Critical Alert: Microsoft Entra ID (formerly Azure AD) had a vulnerability (CVE-2025-55241) that let attackers impersonate any user, including Global Admins, bypassing MFA & going unnoticed. #cybersecurity #infosec #itsecurity Patch now. ➤ https://t.co/ntzceQ0gtO

    @TrustleSecurity

    10 Nov 2025

    69 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Death by Token: Understanding CVE-2025-55241: https://t.co/G1QYrkEqcB #EntraID #Security #Token

    @Practical365

    5 Nov 2025

    2443 Impressions

    5 Retweets

    29 Likes

    19 Bookmarks

    0 Replies

    0 Quotes

  4. #VulnerabilityReport #Actortokens CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide https://t.co/UKpQbVmAX9

    @Komodosec

    28 Oct 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Death by Token: Understanding CVE-2025-55241 https://t.co/sprQYc1i4B

    @QuestJAS

    16 Oct 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Death by Token: Understanding CVE-2025-55241: https://t.co/G1QYrkEqcB #EntraID #Security #Token @PaulRobichaux

    @Practical365

    15 Oct 2025

    1050 Impressions

    3 Retweets

    12 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Microsoft fixed CVE-2025-55241 in Entra ID (CVSS 10.0), which allowed impersonating any user across tenants, including global admins. 🔒 It bypassed MFA and logging. Migrating to Microsoft Graph is key. https://t.co/g3vIBrYASH #Ciberseguridad #Microsoft #EntraID

    @trustlock_sec

    29 Sept 2025

    42 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Microsoft Entra ID vulnerability CVE-2025-55241 FIXED: impersonation of Global Admins was possible https://t.co/eUDPq1ux36 This article explains a serious vulnerability that existed in Microsoft Entra ID. Its cause lies in the authentication mechanism and AP

    @iototsecnews

    29 Sept 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Legacy tech strikes again: Entra ID vulnerability (CVE-2025-55241) exposed millions to admin impersonation and data theft. Check our analysis for impacts and defenses. Time to modernize! https://t.co/WvD8WQ0kQg https://t.co/Ik6YAHRU3O

    @blackbeltsecure

    24 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Cloud Identity and AI Agents Under Fire 🔥 Microsoft plugs critical Entra ID flaw (CVE-2025-55241) Researcher Dirk-jan Mollema found that legacy auth protocols let attackers mint tokens across tenants—essentially a skeleton key for Azure AD customers. Microsoft:

    @cageyvdev

    24 Sept 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. The risk to every tenant from the Microsoft Entra vulnerability CVE-2025-55241 https://t.co/JIdgz1WiwC #Security #セキュリティー #ニュース

    @SecureShield_

    24 Sept 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Microsoft Fixes Critical Entra ID Flaw CVE-2025-55241 Allowing Global Admin Impersonation #Microsoft #EntraID #AzureAD #CVE202555241 #CyberSecurity #CloudSecurity #DataBreach #ZeroTrust #InfoSec #MicrosoftPatch https://t.co/W6KdSV0ZiA

    @cyashadotcom

    23 Sept 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Microsoft Entra ID flaw CVE-2025-55241 scored perfect 10.0 severity! Attackers could impersonate Global Admins in ANY organization using actor tokens. Fixed now, but highlights Microsoft's troubling security pattern 🚨https://t.co/YapnLsurDj #CVE202555241 #EntraID #Microsoft365

    @cheinyeanlim

    23 Sept 2025

    111 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. Microsoft Entra ID Flaw Let Attackers Hijack Company Tenants https://t.co/XEXgwdx2Vs #AzureAdGraph #cve-2025-55241 #MicrosoftEntraId #TenantHijacking

    @wizconsults

    22 Sept 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants. The vulnerability, tracked as CVE-2025-55241, is assigned the maximum CVSS score of 10.0 and made it possible to compromise every Entra ID tenant in the world. https://t.co/Fjv2vwLlgd h

    @riskigy

    22 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 💥 Global admin of any Entra ID (Azure AD) tenant 🔎 The attack relies on the use of Actor Tokens and a flaw in the Azure AD Graph API (CVE-2025-55241). 🧷 More info: https://t.co/BeeNk32Afg #EntraID #Microsoft #infosec #cybersecurity https://t.co/d

    @ITConnect_fr

    22 Sept 2025

    734 Impressions

    2 Retweets

    7 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  17. 1) 🚨 Breaking: Microsoft just patched a critical Entra ID flaw (CVE-2025-55241) that could've let attackers impersonate any user, including Global Admins. A CVSS score of 10.0 means this is a serious privilege escalation vulnerability. #Vulnerability #Microsoft #Critical https

    @_CoderOnX

    22 Sept 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. A critical token validation failure in #Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. (CVE-2025-55241) #2025 #Infosec #BT https://t.co/A22zCRhtXq

    @brierandthorn

    22 Sept 2025

    12 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. A critical token validation flaw in #Microsoft Entra ID could have allowed attackers to impersonate any user, including global administrators, in any tenant. (CVE-2025-55241) #2025 #Infosec #BT https://t.co/ZPFapgaueh

    @BrierandThornMX

    22 Sept 2025

    6 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. A critical flaw in Microsoft Entra ID (CVE-2025-55241) lets attackers use invisible Actor tokens to impersonate Global Admins across tenants via Azure AD Graph API, exposing sensitive data and configurations. #CloudBreach #IdentityFlaw #USA https://t.co/FDoS2jUTj1

    @TweetThreatNews

    22 Sept 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 💻 - MICROSOFT / CVE 🚨 Microsoft fixed a critical vulnerability in Entra ID (CVE-2025-55241, CVSS 10.0) that allowed attackers to impersonate any user, including global administrators, across all tenants. The fix

    @nexus_osint

    22 Sept 2025

    1890 Impressions

    3 Retweets

    19 Likes

    2 Bookmarks

    2 Replies

    0 Quotes

  22. Whoa, Microsoft just patched a wild 10.0 CVSS flaw in Entra ID (CVE-2025-55241)! 😱 Attackers could’ve impersonated Global Admins across tenants & bypassed MFA. Super curious about the tech details! 🔍 https://t.co/ZcHEuYLX05 #CyberSec #Microsoft

    @_F2po_

    22 Sept 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Graph API: “Trust me bro, here’s global admin.” Actor tokens: “Say less.” CVE-2025-55241: the bug that made every tenant a group project. 😬 https://t.co/47THBNNiwz

    @jsaveker

    22 Sept 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Critical Microsoft Entra ID Vulnerability (CVE-2025-55241): Attackers Could Impersonate Users Across Tenants! Thanks to a weakness in the "actor token" / token validation mechanism inside Microsoft Entra ID, an attacker could impersonate any

    @hakanuzuner

    22 Sept 2025

    641 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Today's top 5 cybersecurity news - September 22, 2025 1. Microsoft has patched a critical vulnerability (CVE-2025-55241) in Entra ID (formerly Azure Active Directory) that allowed attackers to impersonate any user, including Global Administrators, across tenants. With a maximum

    @NewsNerdie

    22 Sept 2025

    71 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Critical Alert: A CVSS 10.0 vulnerability (CVE-2025-55241) in Microsoft Entra ID allows for full tenant compromise. Read the full analysis. 🔗 https://t.co/PEBnu8gINn #Microsoft #EntraID https://t.co/a70qyFcnKi

    @Iambivash007

    22 Sept 2025

    27 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  27. Microsoft patched a critical Entra ID flaw (CVE-2025-55241) allowing attackers to impersonate Global Admins across tenants via legacy Azure AD Graph API misuse. Risk of full tenant compromise highlighted. #EntraID #AzureAPI #USA https://t.co/3YGTrcy0bJ

    @TweetThreatNews

    22 Sept 2025

    160 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 Entra ID Bug Patched (CVE-2025-55241) • Allowed cross-tenant impersonation of Global Admins • Minimal logging made detection nearly impossible ✅ Protect your identity today →https://t.co/QevXAC23bg 🔗https://t.co/MXdjD6Zz28 https://t.co/NDqRFx7MUM

    @DigitalWarCorp

    22 Sept 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Microsoft a corrigé une faille critique CVE-2025-55241 dans Entra ID (score CVSS 10.0). Cette vulnérabilité permettait l'usurpation d'identité d'administrateurs globaux. #Cybersécurité #Microsoft #EntraID #Vulnerability https://t.co/PpbZM3dtl0

    @IntelLynx1201

    22 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Microsoft Entra ID flaw left every company's tenant open to hacking (CVE-2025-55241) | Codebook|Security News https://t.co/amKbLsF3ff

    @ragemax

    22 Sept 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Critical flaw in Microsoft Entra ID (CVE-2025-55241) could let attackers impersonate Global Admins and seize full control of tenants. How close did we come to a cloud-wide takeover? Read now: https://t.co/Fv3PdqO57s #cloudsecurity #infosec #Microsoft #ZeroTrust #CyberSecurity

    @rewterz

    22 Sept 2025

    48 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 New vulnerability analysis published! A silent hijack flaw in Microsoft Entra ID let attackers impersonate Global Admins. Learn how CVE-2025-55241 works - and how to stay prote

    @PurpleOps_io

    22 Sept 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 Critical security alert! CVE-2025-55241 exposes Microsoft Entra ID, allowing attackers to impersonate any user, including Global Admins. Are you prepared? #CVE #Cybersecurity https://t.co/dsqGuYSfY5

    @Cyb3r_5wift

    22 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. A critical vulnerability in Microsoft’s Entra ID, identified as CVE-2025-55241, allowed attackers to gain complete administrative control over any tenant. https://t.co/XOMnirG2Ab

    @securityRSS

    22 Sept 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨Microsoft Entra ID flaw allowed hijacking any company's tenant https://t.co/KCGEiAiGde Microsoft Entra ID flaw (CVE-2025-55241) could have let attackers gain Global Admin access to any tenant worldwide using undocumented “actor tokens” from the legacy Access Control Serv

    @H4ckmanac

    22 Sept 2025

    9204 Impressions

    34 Retweets

    115 Likes

    43 Bookmarks

    0 Replies

    1 Quote

  36. Microsoft patched a critical Entra ID flaw (CVE-2025-55241) allowing global admin impersonation across all tenants! 🚨 Huge security fix. https://t.co/g7HCPj4a6Q #Microsoft #EntraID #Vulnerability #Cybersecurity #InfoSec

    @0xT3chn0m4nc3r

    22 Sept 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 📌 Microsoft classified a critical vulnerability in Entra ID, formerly known as Azure Active Directory, under the identifier CVE-2025-55241, which allows attackers to impersonate any user, including the

    @Cybercachear

    22 Sept 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Critical Entra ID flaw CVE-2025-55241 (CVSS 10.0). Patch now: https://t.co/XiVjyZXcVC Thoughts? #EntraID #InfoSec #CVE2025-55241 #Identity Read More :https://t.co/XiVjyZXcVC

    @true_redfence

    22 Sept 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 Microsoft Entra ID flaw left every company's tenant open to hacking (CVE-2025-55241) ~ Weekend cybersecurity topics ~ https://t.co/3eJy3Xprv0 #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    22 Sept 2025

    149 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. A critical flaw (CVE-2025-55241) in Microsoft Entra ID could have allowed a compromise of every tenant worldwide by bypassing security with "Actor tokens." #EntraID #AzureAD #Vulnerability #Cybersecurity #Microsoft https://t.co/N0ufwBUijj

    @the_yellow_fall

    22 Sept 2025

    104 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  41. CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide https://t.co/eWhDJ8HkFu

    @CrowdCyber_Com

    22 Sept 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🗣️ CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide https://t.co/5r6xgpCcGE

    @fridaysecurity

    22 Sept 2025

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🚨 CVE-2025-55241: CRITICAL Entra ID vulnerability! "Actor Tokens" allowed Global Admin takeover of ALL worldwide tenants. Dirk-jan Mollema discovery, Microsoft patches deployed. #CVE202555241 #EntraID #AzureAD #CyberSecurity #Microsoft #ActorTokens https://t.co/CEyyLxG9ca htt

    @ctrlaltnod

    21 Sept 2025

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  44. TL;DR: CVE-2025-55241 is a game-changer! Act fast: patch systems, tighten logs, and migrate from legacy APIs. How is your organization handling identity security after this incident? 🤔 #CloudSecurity

    @Cyb3r_5wift

    21 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🚨 A critical security flaw in Microsoft Entra ID (CVE-2025-55241) could allow attackers to hijack any organization’s tenant! This vulnerability had a staggering CVSS score of 9.0! #Cybersecurity #GRC https://t.co/6nivzjkFFj

    @Cyb3r_5wift

    21 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor tokens” and a vulnerability in the Azure AD Graph API (CVE-2025-55241) that

    @NSIguy

    21 Sept 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. GitHub - Spanky-McSpank/CVE-2025-55241-Internal-Audit: Audit Tool for CVE-2025-55241 - No Warranty Provided or Assumed. Analyze and Use at Own Risk #CloudSecurity https://t.co/kD1maqKorH

    @zig_max

    21 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. I almost missed this one - one of the more critical cloud vulns I’ve come across. Abuse of undocumented Actor tokens let attackers escalate to Global Admin in any Entra ID tenant, bypassing Conditional Access with minimal logs. CVE-2025-55241. https://t.co/06l468t4vF

    @GilxMaman

    21 Sept 2025

    77 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨 The KQL Master's Guide to Detecting Actor Token Abuse (#CVE-2025-55241) https://t.co/3IqCOuABzS Educational Purposes!

    @UndercodeUpdate

    20 Sept 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Critical patches issued for WatchGuard Firebox (CVE-2025-9242) and Entra ID (CVE-2025-55241) to prevent VPN and tenant takeover risks. New ransomware strains Sinobi & The Gentlemen emerge. Breaches hit NY Blood Center, SonicWall, KrasAvia. #WatchGuard #C… https://t.co/c13s4

    @TweetThreatNews

    20 Sept 2025

    144 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations