cve 2025 55241

CVE-2025-55241 is a critical elevation-of-privilege vulnerability in Microsoft Entra ID (formerly Azure Active Directory). The flaw involves a tenant-validation gap in the legacy Azure AD Graph API that could allow an attacker to impersonate any user, including Global Administrators, across any tenant by abusing undocumented Actor tokens. Microsoft has released a patch for this cross-tenant impersonation risk. Discussions on WindowsForum.com clarify the correct CVE identifier and provide technical details about the attack vector and the importance of applying the update to protect enterprise identity infrastructure.