A newly disclosed vulnerability tracked as CVE-2025-55241 has been reported. The flaw, discovered by an independent researcher and disclosed in September 2025, was a critical token validation issue in Microsoft Entra ID, formerly Azure Active Directory (Azure AD), that allowed attackers to impersonate Global Administrators across virtually any Entra ID tenant. The scope of this exploit spanned Microsoft 365, Azure resources, and connected applications, all without detection.
First seen on thecyberexpress.com
Jump to article: thecyberexpress.com/cve-2025-55241-exposes-entra-id-admin-access/

