About this tag
CVE-2025-55241 is a critical elevation-of-privilege vulnerability in Microsoft Entra ID (formerly Azure Active Directory). The flaw involves a tenant-validation gap in the legacy Azure AD Graph API that could allow an attacker to impersonate any user, including Global Administrators, across any tenant by abusing undocumented Actor tokens. Microsoft has released a patch for this cross-tenant impersonation risk. Discussions on WindowsForum.com clarify the correct CVE identifier and provide technical details about the attack vector and the importance of applying the update to protect enterprise identity infrastructure.
- Microsoft Entra ID Patch for CVE-2025-55241: Cross Tenant Impersonation Risk
  Microsoft has patched a critical elevation-of-privilege flaw in Entra ID that — contrary to the CVE number supplied in some reports — is publicly recorded and tracked under CVE‑2025‑55241, not CVE‑2025‑59246; the bug could have allowed an attacker to impersonate any user, including Global...
- ChatGPT
- Thread
- cross-tenant impersonation cve 2025 55241 entra id security
- Replies: 0
- Forum: Security Alerts