CVE-2025-55241

Published Sep 4, 2025

Last updated 6 months ago

CVSS critical 10.0
Microsoft Azure Entra

Overview

Description: Azure Entra ID Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Modified
CNA Tags: exclusively-hosted-service
Products: entra_id

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

secure@microsoft.com: CWE-287

Social media

Hype score
Not currently trending
  1. https://t.co/9f0ca99N2x CVE-2025-55241 scored a perfect CVSS 10.0. Complete tenant hijacking via Actor tokens. Cross-tenant abuse isn't theoretical. Midnight Blizzard, Storm-0558, UnOAuthorized—real incidents exploiting trust across Microsoft tenants. Our latest breaks down t

    @Pierson_Tech

    20 Feb 2026

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  2. Top 5 Trending CVEs: 1 - CVE-2025-55241 2 - CVE-2022-26766 3 - CVE-2026-1731 4 - CVE-2026-20817 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Feb 2026

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-55241 could let attackers impersonate any user (even Global Admins). Governance, revoking unused privileges, and killing legacy identity paths matter. #cybersecurity #infosec #itsecurity https://t.co/7vZEvc10cB

    @TrustleSecurity

    20 Nov 2025

    52 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Critical Alert: Microsoft Entra ID (formerly Azure AD) had a vulnerability (CVE-2025-55241) that let attackers impersonate any user, including Global Admins, bypassing MFA & going unnoticed. #cybersecurity #infosec #itsecurity Patch now. ➤ https://t.co/ntzceQ0gtO

    @TrustleSecurity

    10 Nov 2025

    69 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Death by Token: Understanding CVE-2025-55241: https://t.co/G1QYrkEqcB #EntraID #Security #Token

    @Practical365

    5 Nov 2025

    2443 Impressions

    5 Retweets

    29 Likes

    19 Bookmarks

    0 Replies

    0 Quotes

  6. #VulnerabilityReport #Actortokens CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide https://t.co/UKpQbVmAX9

    @Komodosec

    28 Oct 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Death by Token: Understanding CVE-2025-55241 https://t.co/sprQYc1i4B

    @QuestJAS

    16 Oct 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Death by Token: Understanding CVE-2025-55241: https://t.co/G1QYrkEqcB #EntraID #Security #Token @PaulRobichaux

    @Practical365

    15 Oct 2025

    1050 Impressions

    3 Retweets

    12 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Microsoft fixed CVE-2025-55241 in Entra ID (CVSS 10.0), which allowed impersonating any user across tenants, including global admins. 🔒 It bypassed MFA and logging. Migrating to Microsoft Graph is key. https://t.co/g3vIBrYASH #Ciberseguridad #Microsoft #EntraID

    @trustlock_sec

    29 Sept 2025

    42 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Microsoft Entra ID vulnerability CVE-2025-55241 fixed: impersonation of Global Admin was possible https://t.co/eUDPq1ux36 This article explains a serious vulnerability that existed in Microsoft Entra ID. Its cause was the authentication mechanism and AP

    @iototsecnews

    29 Sept 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Legacy tech strikes again: Entra ID vulnerability (CVE-2025-55241) exposed millions to admin impersonation and data theft. Check our analysis for impacts and defenses. Time to modernize! https://t.co/WvD8WQ0kQg https://t.co/Ik6YAHRU3O

    @blackbeltsecure

    24 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Cloud Identity and AI Agents Under Fire 🔥 Microsoft plugs critical Entra ID flaw (CVE-2025-55241) Researcher Dirk-jan Mollema found that legacy auth protocols let attackers mint tokens across tenants—essentially a skeleton key for Azure AD customers. Microsoft:

    @cageyvdev

    24 Sept 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. The danger to all tenants from Microsoft Entra vulnerability CVE-2025-55241 https://t.co/JIdgz1WiwC #Security #セキュリティー #ニュース

    @SecureShield_

    24 Sept 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Microsoft Fixes Critical Entra ID Flaw CVE-2025-55241 Allowing Global Admin Impersonation #Microsoft #EntraID #AzureAD #CVE202555241 #CyberSecurity #CloudSecurity #DataBreach #ZeroTrust #InfoSec #MicrosoftPatch https://t.co/W6KdSV0ZiA

    @cyashadotcom

    23 Sept 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Microsoft Entra ID flaw CVE-2025-55241 scored perfect 10.0 severity! Attackers could impersonate Global Admins in ANY organization using actor tokens. Fixed now, but highlights Microsoft's troubling security pattern 🚨https://t.co/YapnLsurDj #CVE202555241 #EntraID #Microsoft365

    @cheinyeanlim

    23 Sept 2025

    111 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  16. Microsoft Entra ID Flaw Let Attackers Hijack Company Tenants https://t.co/XEXgwdx2Vs #AzureAdGraph #cve-2025-55241 #MicrosoftEntraId #TenantHijacking

    @wizconsults

    22 Sept 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants. The vulnerability, tracked as CVE-2025-55241, is assigned the maximum CVSS score of 10.0. and made it possible to compromise every Entra ID tenant in the world. https://t.co/Fjv2vwLlgd h

    @riskigy

    22 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 💥 Global admin of any Entra ID (Azure AD) tenant 🔎 The attack relies on the use of Actor Tokens and a flaw in the Azure AD Graph API (CVE-2025-55241). 🧷 More info: https://t.co/BeeNk32Afg #EntraID #Microsoft #infosec #cybersecurity https://t.co/d

    @ITConnect_fr

    22 Sept 2025

    734 Impressions

    2 Retweets

    7 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  19. 1) 🚨 Breaking: Microsoft just patched a critical Entra ID flaw (CVE-2025-55241) that could've let attackers impersonate any user, including Global Admins. A CVSS score of 10.0 means this is a serious privilege escalation vulnerability. #Vulnerability #Microsoft #Critical https

    @_CoderOnX

    22 Sept 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. A critical token validation failure in #Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant.(CVE-2025-55241)#2025 #Infsoec #BT https://t.co/A22zCRhtXq

    @brierandthorn

    22 Sept 2025

    12 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. A critical token validation flaw in #Microsoft Entra ID could have allowed attackers to impersonate any user, including Global Administrators, in any tenant. (CVE-2025-55241) #2025 #Infosec #BT https://t.co/ZPFapgaueh

    @BrierandThornMX

    22 Sept 2025

    6 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. A critical flaw in Microsoft Entra ID (CVE-2025-55241) lets attackers use invisible Actor tokens to impersonate Global Admins across tenants via Azure AD Graph API, exposing sensitive data and configurations. #CloudBreach #IdentityFlaw #USA https://t.co/FDoS2jUTj1

    @TweetThreatNews

    22 Sept 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 💻 - MICROSOFT / CVE 🚨 Microsoft fixed a critical vulnerability in Entra ID (CVE-2025-55241, CVSS 10.0) that allowed attackers to impersonate any user, including global administrators, in all tenants. The fix

    @nexus_osint

    22 Sept 2025

    1890 Impressions

    3 Retweets

    19 Likes

    2 Bookmarks

    2 Replies

    0 Quotes

  24. Whoa, Microsoft just patched a wild 10.0 CVSS flaw in Entra ID (CVE-2025-55241)! 😱 Attackers could’ve impersonated Global Admins across tenants & bypassed MFA. Super curious about the tech details! 🔍 https://t.co/ZcHEuYLX05 #CyberSec #Microsoft

    @_F2po_

    22 Sept 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Graph API: “Trust me bro, here’s global admin.” Actor tokens: “Say less.” CVE-2025-55241: the bug that made every tenant a group project. 😬 https://t.co/47THBNNiwz

    @jsaveker

    22 Sept 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Critical Microsoft Entra ID Vulnerability (CVE-2025-55241): Attackers Could Impersonate Users Across Tenants! Thanks to a weakness in the “actor token” / token validation mechanism in Microsoft Entra ID, the attacker, any within another tenant

    @hakanuzuner

    22 Sept 2025

    641 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Today's top 5 cybersecurity news - September 22, 2025 1. Microsoft has patched a critical vulnerability (CVE-2025-55241) in Entra ID (formerly Azure Active Directory) that allowed attackers to impersonate any user, including Global Administrators, across tenants. With a maximum

    @NewsNerdie

    22 Sept 2025

    71 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Critical Alert: A CVSS 10.0 vulnerability (CVE-2025-55241) in Microsoft Entra ID allows for full tenant compromise. Read the full analysis. 🔗 https://t.co/PEBnu8gINn #Microsoft #EntraID https://t.co/a70qyFcnKi

    @cyberbivash

    22 Sept 2025

    27 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  29. Microsoft patched a critical Entra ID flaw (CVE-2025-55241) allowing attackers to impersonate Global Admins across tenants via legacy Azure AD Graph API misuse. Risk of full tenant compromise highlighted. #EntraID #AzureAPI #USA https://t.co/3YGTrcy0bJ

    @TweetThreatNews

    22 Sept 2025

    160 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 Entra ID Bug Patched (CVE-2025-55241) • Allowed cross-tenant impersonation of Global Admins • Minimal logging made detection nearly impossible ✅ Protect your identity today →https://t.co/QevXAC23bg 🔗https://t.co/MXdjD6Zz28 https://t.co/NDqRFx7MUM

    @DigitalWarCorp

    22 Sept 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 Microsoft fixed a critical flaw, CVE-2025-55241, in Entra ID (CVSS score 10.0). This vulnerability allowed impersonation of global administrators. #Cybersécurité #Microsoft #EntraID #Vulnerability https://t.co/PpbZM3dtl0

    @IntelLynx1201

    22 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. A flaw in Microsoft Entra ID left every company's tenant open to hacking (CVE-2025-55241) | Codebook|Security News https://t.co/amKbLsF3ff

    @ragemax

    22 Sept 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Critical flaw in Microsoft Entra ID (CVE-2025-55241) could let attackers impersonate Global Admins and seize full control of tenants. How close did we come to a cloud-wide takeover? Read now: https://t.co/Fv3PdqO57s #cloudsecurity #infosec #Microsoft #ZeroTrust #CyberSecurity

    @rewterz

    22 Sept 2025

    48 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 𝐍𝐞𝐰 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐚𝐧𝐚𝐥𝐲𝐬𝐢𝐬 𝐩𝐮𝐛𝐥𝐢𝐬𝐡𝐞𝐝! A silent hijack flaw in Microsoft Entra ID let attackers impersonate Global Admins. Learn how CVE-2025-55241 works - and how to stay prote

    @PurpleOps_io

    22 Sept 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨 Critical security alert! CVE-2025-55241 exposes Microsoft Entra ID, allowing attackers to impersonate any user, including Global Admins. Are you prepared? #CVE #Cybersecurity https://t.co/dsqGuYSfY5

    @Cyb3r_5wift

    22 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. A critical vulnerability in Microsoft’s Entra ID, identified as CVE-2025-55241, allowed attackers to gain complete administrative control over any tenant. https://t.co/XOMnirG2Ab

    @securityRSS

    22 Sept 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨Microsoft Entra ID flaw allowed hijacking any company's tenant https://t.co/KCGEiAiGde Microsoft Entra ID flaw (CVE-2025-55241) could have let attackers gain Global Admin access to any tenant worldwide using undocumented “actor tokens” from the legacy Access Control Serv

    @H4ckmanac

    22 Sept 2025

    9204 Impressions

    34 Retweets

    115 Likes

    43 Bookmarks

    0 Replies

    1 Quote

  38. Microsoft patched a critical Entra ID flaw (CVE-2025-55241) allowing global admin impersonation across all tenants! 🚨 Huge security fix. https://t.co/g7HCPj4a6Q #Microsoft #EntraID #Vulnerability #Cybersecurity #InfoSec

    @0xT3chn0m4nc3r

    22 Sept 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 📌 Microsoft has classified a critical vulnerability in Entra ID, formerly known as Azure Active Directory, under the identifier CVE-2025-55241, which allows attackers to impersonate any user, including the

    @Cybercachear

    22 Sept 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Critical Entra ID flaw CVE-2025-55241 (CVSS 10.0). Patch now: https://t.co/XiVjyZXcVC Thoughts? #EntraID #InfoSec #CVE2025-55241 #Identity Read More :https://t.co/XiVjyZXcVC

    @true_redfence

    22 Sept 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 🚨A flaw in Microsoft Entra ID left every company's tenant open to hacking (CVE-2025-55241) ~Weekend cybersecurity topics~ https://t.co/3eJy3Xprv0 #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    22 Sept 2025

    149 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. A critical flaw (CVE-2025-55241) in Microsoft Entra ID could have allowed a compromise of every tenant worldwide by bypassing security with "Actor tokens." #EntraID #AzureAD #Vulnerability #Cybersecurity #Microsoft https://t.co/N0ufwBUijj

    @the_yellow_fall

    22 Sept 2025

    104 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide https://t.co/eWhDJ8HkFu

    @CrowdCyber_Com

    22 Sept 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🗣️ CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide https://t.co/5r6xgpCcGE

    @fridaysecurity

    22 Sept 2025

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🚨 CVE-2025-55241: CRITICAL Entra ID vulnerability! "Actor Tokens" allowed Global Admin takeover of ALL worldwide tenants. Dirk-jan Mollema discovery, Microsoft patches deployed. #CVE202555241 #EntraID #AzureAD #CyberSecurity #Microsoft #ActorTokens https://t.co/CEyyLxG9ca htt

    @ctrlaltnod

    21 Sept 2025

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  46. TL;DR: CVE-2025-55241 is a game-changer! Act fast: patch systems, tighten logs, and migrate from legacy APIs. How is your organization handling identity security after this incident? 🤔 #CloudSecurity

    @Cyb3r_5wift

    21 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 A critical security flaw in Microsoft Entra ID (CVE-2025-55241) could allow attackers to hijack any organization’s tenant! This vulnerability had a staggering CVSS score of 9.0! #Cybersecurity #GRC https://t.co/6nivzjkFFj

    @Cyb3r_5wift

    21 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor tokens” and a vulnerability in the Azure AD Graph API (CVE-2025-55241) that

    @NSIguy

    21 Sept 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. GitHub - Spanky-McSpank/CVE-2025-55241-Internal-Audit: Audit Tool for CVE-2025-55241 - No Warranty Provided or Assumed. Analyze and Use at Own Risk #CloudSecurity https://t.co/kD1maqKorH

    @zig_max

    21 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. I almost missed this one - one of the more critical cloud vulns I’ve come across. Abuse of undocumented Actor tokens let attackers escalate to Global Admin in any Entra ID tenant, bypassing Conditional Access with minimal logs. CVE-2025-55241. https://t.co/06l468t4vF

    @GilxMaman

    21 Sept 2025

    77 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations