Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html

ONE SENTENCE SUMMARY:

A critical, now-patched vulnerability in Microsoft Entra ID (CVE-2025-55241) could have let an attacker holding a token from their own tenant impersonate any user in any other tenant, including Global Administrators, and so take over resources there.

MAIN POINTS:

  1. CVE-2025-55241 allowed cross-tenant user impersonation in Microsoft Entra ID; Microsoft has since fixed it server-side.
  2. It was rated a maximum CVSS score of 10.0, reflecting full compromise with no user interaction.
  3. Discovered by Dirk-jan Mollema, it affected every Entra ID tenant except national cloud deployments.
  4. The exploit chained undocumented "Actor tokens" with a validation flaw in the legacy Azure AD Graph API, which failed to check which tenant a token had actually been issued for.
  5. Because the tokens are not subject to MFA or Conditional Access, and read access through this path produced no logs in the victim tenant (only modifications would surface in audit logs), exploitation was effectively invisible.
  6. Impersonating a Global Admin through this path could lead to full tenant compromise.
  7. The legacy API at fault, Azure AD Graph, is officially deprecated as of August 2025 and is being retired in favour of Microsoft Graph.
  8. The article also notes recently disclosed vulnerabilities affecting Exchange Server and other cloud services.
  9. A separate finding covered Azure API Connections, which can provide cross-tenant access to backend resources.
  10. Misconfigurations of such connections can lead to widespread data theft and follow-on attacks.
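The core of point 4 is a resource API that checks a token's signature and issuer but never checks that the tenant the token was issued for is the tenant being queried. The following is an added, deliberately simplified model of that class of bug, written for this summary and not taken from the article or from Mollema's research: it does not reproduce Actor tokens or the real Azure AD Graph behaviour. The token service, key, issuer URL, tenant GUIDs and directory contents are all constructed for the example, and HMAC stands in for the asymmetric signing a real STS would use.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key and issuer; a real token service publishes an asymmetric key.
STS_KEY = b"demo-signing-key-not-real"
TRUSTED_ISSUER = "https://sts.example.test/"  # hypothetical issuer

# Constructed directory data for two hypothetical tenants.
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
DIRECTORY = {
    TENANT_A: {"users": ["alice@a.example"]},
    TENANT_B: {"users": ["bob@b.example", "ga@b.example"]},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(tid: str, sub: str, roles: list, ttl: int = 3600) -> str:
    """Token-service side: issue a compact HS256 JWT bound to one tenant (tid)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": TRUSTED_ISSUER, "tid": tid, "sub": sub,
               "roles": roles, "exp": int(time.time()) + ttl}
    signing_input = (_b64url(json.dumps(header).encode()) + "."
                     + _b64url(json.dumps(payload).encode()))
    sig = hmac.new(STS_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str) -> dict:
    """Resource side: check signature, issuer and expiry; return the claims.
    Note what this does NOT check: which tenant the caller is asking about."""
    h, p, s = token.split(".")
    expected = hmac.new(STS_KEY, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != TRUSTED_ISSUER:
        raise PermissionError("untrusted issuer")
    if claims.get("exp", 0) < time.time():
        raise PermissionError("expired")
    return claims


def list_users_vulnerable(token: str, target_tenant: str) -> list:
    """Flawed API: any valid token from the trusted issuer is honoured for any tenant."""
    claims = verify_token(token)
    if "Directory.Read" not in claims["roles"]:
        raise PermissionError("missing role")
    # BUG: claims["tid"] is never compared with target_tenant.
    return DIRECTORY[target_tenant]["users"]


def list_users_fixed(token: str, target_tenant: str) -> list:
    """Hardened API: the token must have been issued for the tenant being queried."""
    claims = verify_token(token)
    if claims.get("tid") != target_tenant:
        raise PermissionError("token tenant does not match requested tenant")
    if "Directory.Read" not in claims["roles"]:
        raise PermissionError("missing role")
    return DIRECTORY[target_tenant]["users"]


def demo() -> tuple:
    """Attacker holds a legitimate token for tenant A and points it at tenant B."""
    attacker_token = mint_token(TENANT_A, "attacker@a.example", ["Directory.Read"])
    leaked = list_users_vulnerable(attacker_token, TENANT_B)
    try:
        list_users_fixed(attacker_token, TENANT_B)
        outcome = "accepted"
    except PermissionError as exc:
        outcome = str(exc)
    return leaked, outcome


if __name__ == "__main__":
    leaked, outcome = demo()
    print("vulnerable API returned:", leaked)
    print("fixed API said:", outcome)
```

The lesson carries to any multi-tenant resource API: signature, issuer and expiry checks establish that a token is genuine, not that it is meant for the tenant (or resource) the request names. The fixed handler binds the token's `tid` to the target tenant before any role check, so a token legitimately obtained in one tenant is useless against another.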

TAKEAWAYS:

  1. Critical flaws in legacy APIs that still sit in front of production identity data can lead to severe breaches.
  2. A cross-tenant validation gap lets an attacker impersonate the highest-privilege roles, such as Global Admin, in tenants they have no relationship with.
  3. Deprecated services like Azure AD Graph must be urgently replaced, and remaining callers inventoried.
  4. Resource APIs must validate which tenant a token was issued for, and every access path, including legacy ones, must be logged so that abuse can be detected.
  5. Misconfigurations in cloud environments, such as over-broad API connections, pose ongoing risks to data security.
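Takeaway 3 implies a concrete first step: find which applications in a tenant still call Azure AD Graph. The script below is an added example for this summary, not code from the article or from Microsoft. It groups Entra sign-in records by calling application where the target resource is Azure AD Graph (app ID `00000002-0000-0000-c000-000000000000`, shown in logs as "Windows Azure Active Directory"; Microsoft Graph is `00000003-0000-0000-c000-000000000000`). The records are constructed inline in the shape of Microsoft Graph `signIn` objects (fields `appId`, `appDisplayName`, `resourceId`, `resourceDisplayName`, `createdDateTime`); the application names and GUIDs are made up. In practice you would feed it the JSON exported from `auditLogs/signIns` or `auditLogs/signIns` for service principals.

```python
import json
from collections import defaultdict

# Resource app ID that Azure AD Graph ("Windows Azure Active Directory") appears
# under in Entra sign-in logs. Microsoft Graph is 00000003-0000-0000-c000-000000000000.
AAD_GRAPH_RESOURCE_ID = "00000002-0000-0000-c000-000000000000"
MS_GRAPH_RESOURCE_ID = "00000003-0000-0000-c000-000000000000"

# Constructed sample sign-in records (hypothetical apps and GUIDs).
SAMPLE_SIGNINS = json.dumps([
    {"createdDateTime": "2025-09-10T08:01:00Z", "appId": "a1a1a1a1-0000-0000-0000-000000000001",
     "appDisplayName": "HR Sync", "resourceId": AAD_GRAPH_RESOURCE_ID,
     "resourceDisplayName": "Windows Azure Active Directory"},
    {"createdDateTime": "2025-09-10T09:30:00Z", "appId": "a1a1a1a1-0000-0000-0000-000000000001",
     "appDisplayName": "HR Sync", "resourceId": AAD_GRAPH_RESOURCE_ID,
     "resourceDisplayName": "Windows Azure Active Directory"},
    {"createdDateTime": "2025-09-10T09:45:00Z", "appId": "b2b2b2b2-0000-0000-0000-000000000002",
     "appDisplayName": "Ticketing Bot", "resourceId": MS_GRAPH_RESOURCE_ID,
     "resourceDisplayName": "Microsoft Graph"},
    {"createdDateTime": "2025-09-10T07:15:00Z", "appId": "c3c3c3c3-0000-0000-0000-000000000003",
     "appDisplayName": "Legacy Portal", "resourceId": AAD_GRAPH_RESOURCE_ID,
     "resourceDisplayName": "Windows Azure Active Directory"},
    {"createdDateTime": "2025-09-10T07:10:00Z", "appId": "c3c3c3c3-0000-0000-0000-000000000003",
     "appDisplayName": "Legacy Portal", "resourceId": AAD_GRAPH_RESOURCE_ID,
     "resourceDisplayName": "Windows Azure Active Directory"},
])


def find_aad_graph_callers(signins_json: str) -> dict:
    """Return {appId: {"name": str, "count": int, "lastSeen": iso8601}} for every
    application whose sign-ins targeted the Azure AD Graph resource."""
    callers = defaultdict(lambda: {"name": "", "count": 0, "lastSeen": ""})
    for rec in json.loads(signins_json):
        # Match on the resource GUID, not the display name, which is localisable.
        if rec.get("resourceId") != AAD_GRAPH_RESOURCE_ID:
            continue
        entry = callers[rec["appId"]]
        entry["name"] = rec.get("appDisplayName", "")
        entry["count"] += 1
        # ISO-8601 UTC timestamps compare correctly as strings.
        if rec.get("createdDateTime", "") > entry["lastSeen"]:
            entry["lastSeen"] = rec["createdDateTime"]
    return dict(callers)


def report(callers: dict) -> list:
    """Render the inventory as lines, busiest caller first."""
    ordered = sorted(callers.items(), key=lambda kv: (-kv[1]["count"], kv[1]["name"]))
    return [f'{v["name"]} ({k}): {v["count"]} sign-in(s), last seen {v["lastSeen"]}'
            for k, v in ordered]


if __name__ == "__main__":
    for line in report(find_aad_graph_callers(SAMPLE_SIGNINS)):
        print(line)
```

Every application the report lists is a migration item: it will break when Azure AD Graph is retired, and until then it is still exercising the legacy surface the vulnerability lived in. Matching on the resource GUID rather than the display name avoids missing entries when logs are rendered in another language.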