A newly disclosed vulnerability tracked as CVE-2025-55241 has been reported. The flaw, discovered by an independent researcher and disclosed in September 2025, revealed that Microsoft Entra ID, formerly Azure Active Directory (Azure AD) was vulnerable to a critical token validation issue that allowed attackers to impersonate Global Administrators across virtually any Entra ID tenant. The scope of this exploit spanned Microsoft 365, Azure resources, and connected applications, all without detection.
This vulnerability, described by experts as one of the most severe to date in Entra ID, revolved around the misuse of undocumented Actor tokens and a fundamental design flaw in the Azure AD Graph API, a legacy interface still relied upon by many Microsoft internal services.
What Are Actor Tokens?
Actor tokens are a type of JSON Web Token (JWT) issued by Microsoft’s Access Control Service. These tokens facilitate inter-service communication, primarily for Microsoft’s own applications such as Exchange Online or SharePoint.
What makes Actor tokens particularly dangerous is their invisibility: they are not governed by Conditional Access policies, lack real-time telemetry, and are never logged in the target tenant. Valid for 24 hours, these tokens carry a “trustedfordelegation” claim that allows the bearer to impersonate any user in a tenant, even a Global Admin, without that tenant’s knowledge.
Even more concerning, Actor tokens can be embedded into client-side constructed impersonation tokens, which bypass verification checks entirely. These impersonation tokens are unsigned, meaning there’s no cryptographic protection in place, and they can be presented to services like the Azure AD Graph API without challenge.
The Azure AD Graph API Flaw
The second and arguably more catastrophic failure was in the Azure AD Graph API itself. During security testing in preparation for talks at DEF CON and Black Hat, the researcher discovered that the API failed to validate the tenant ID of incoming impersonation tokens.
As a result, an attacker could:
- Use an Actor token from a controlled (lab) tenant.
- Create a token impersonating a user in another tenant.
- Submit requests to Azure AD Graph as that user.
- Access or modify data as though they were that user, including those with Global Admin privileges.
This effectively shattered tenant isolation, a foundational security assumption in multi-tenant cloud platforms.
Untraceable Access and Data Theft
One of the most interesting aspects of CVE-2025-55241 is the complete lack of telemetry:
- Actor tokens are not logged upon issuance.
- Impersonation tokens are unsigned and unverified at runtime.
- Azure AD Graph API generates no logs for read operations.
Only some written actions, such as user creation or configuration changes, might produce audit logs, and even then, they appear as if executed by legitimate Global Admins. This lack of visibility made the exploit nearly impossible to detect.
Data accessible through this flaw included:
- User profiles and personal data.
- Group memberships and roles.
- Tenant configurations and Conditional Access policies.
- Application settings and BitLocker recovery keys.
Proof of Concept and Attack Flow
The researcher’s proof of concept outlined a minimal set of prerequisites for compromise:
- A tenant ID (publicly obtainable).
- A netId (a legacy identifier present in access tokens).
With these, an attacker could impersonate any user, escalate to Global Admin, and perform reconnaissance or establish persistent access, all without alerting defenders.
A particularly effective method involved B2B trust relationships. When a user from Tenant B is invited to Tenant A, their netId is stored in Tenant A. An attacker with access to Tenant A could extract the netId and use it to impersonate the user in their home tenant (Tenant B).
With default Entra ID settings, this could be repeated exponentially across multiple tenants, including Microsoft’s own, due to guest accounts and cross-tenant relationships.
Timeline and Microsoft’s Response
The issue was responsibly disclosed to Microsoft on July 14, 2025. Microsoft promptly opened an investigation and deployed a global fix by July 17, followed by further mitigation steps on August 6. The vulnerability was officially assigned CVE-2025-55241 on September 4, with the full technical details published on September 17.
Microsoft’s response included:
- Blocking Actor tokens from being used cross-tenant via Azure AD Graph.
- Restricting issuance of Actor tokens with Service Principal credentials.
- Declaring that no exploitation was detected, though this comes with caveats due to the exploit’s stealthy nature.
Detection and Defense
Although read operations via Azure AD Graph are unlogged, researchers developed a detection method based on anomalies in audit logs for write actions. For instance, logs showing a user’s UPN but an app’s display name (like “Exchange Online”) could indicate Actor token misuse.
A sample Kusto Query Language (KQL) detection rule filters for suspicious operations initiated by services such as SharePoint, Dynamics, or Exchange, which appear under Global Admin accounts, a telltale sign of token-based impersonation.
