Executive Summary
In September 2025, a critical vulnerability was disclosed in Microsoft’s Entra ID (formerly Azure Active Directory) that allowed adversaries to obtain Global Administrator access in any organization’s tenant. The vulnerability, tracked as CVE-2025-55241 and rated 10.0 (Critical), arose from a combination of legacy token misuse and a loophole in the Azure AD Graph API. Security researcher Dirk-jan Mollema identified a weakness in undocumented “actor tokens” that allowed attackers to impersonate users, including administrators, without leaving traces in the target tenant. The issue potentially affected every organization using Entra ID and required immediate remediation by Microsoft.
Read the full breach analysis from NHI Mgmt Group here
Key Details
Breach Timeline
- September 2025: Vulnerability in Entra ID identified by researcher Dirk-jan Mollema.
- The initial investigation revealed that actor tokens could be used to obtain Global Administrator access.
- Microsoft confirmed the issue and initiated a patch shortly after the discovery.
Data Compromised
- Global Administrator accounts were exposed to impersonation because of the flaw in actor token validation.
- Unauthorized access to sensitive organizational data and systems was possible as a result.
Impact Assessment
- All organizations using Entra ID faced significant exposure to attacks.
- Exploitation could lead to severe data breaches and unauthorized system modifications.
Company Response
- Microsoft acted quickly to patch the vulnerability and remove the legacy component.
- Microsoft issued advisories urging organizations to strengthen their security measures following the disclosure.
Security Implications
- This incident highlights the risk of relying on undocumented legacy components in cloud services.
- Organizations are urged to review their access control mechanisms and token management practices, including how tokens are validated and which legacy APIs remain reachable.
If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.