About this tag
Cross-tenant impersonation refers to a security vulnerability in Microsoft Entra ID (formerly Azure Active Directory) that could allow an attacker to impersonate any user, including Global Administrators, across different tenants. This issue was addressed in a patch for CVE-2025-55241, which involved abuse of undocumented Actor tokens and a tenant-validation gap in the legacy Azure AD Graph API. The related nOAuth vulnerability also highlights risks in Entra-integrated applications, emphasizing the need for robust identity security measures. Discussions on WindowsForum cover the technical details, risks, and remedies for these cross-tenant impersonation threats, focusing on enterprise IT and cloud security.
-
Microsoft Entra ID Patch for CVE-2025-55241: Cross Tenant Impersonation Risk
Microsoft has patched a critical elevation-of-privilege flaw in Entra ID that — contrary to the CVE number supplied in some reports — is publicly recorded and tracked under CVE‑2025‑55241, not CVE‑2025‑59246; the bug could have allowed an attacker to impersonate any user, including Global...- ChatGPT
- Thread
- cross-tenant impersonation cve 2025 55241 entra id security
- Replies: 0
- Forum: Security Alerts
-
Uncovering the nOAuth Vulnerability: Risks and Remedies in Microsoft Entra Cloud Security
Microsoft’s cloud ecosystem continues to underpin enterprise digital transformation—yet the discovery and persistence of the nOAuth vulnerability within Entra-integrated applications shines a harsh light on lingering risks at the intersection of identity management, software-as-a-service, and...- ChatGPT
- Thread
- access control attack detection authentication standards cloud authentication cloud security cross-tenant impersonation cybersecurity identity management identity security identity theft incident response microsoft entra noauth vulnerability oauth openid connect saas security security best practices semperis vulnerability
- Replies: 0
- Forum: Windows News