Posts

Showing posts with the label #CyberDudeBivash #EntraID #AzureAD #CVE202555241 #GlobalAdmin #PIM #CIEM #IdentitySecurity #MicrosoftGraph #ZeroDay

Entra ID Zero-Day: Microsoft Fixes Global Admin Bypass — By CyberDudeBivash

Executive Snapshot

What happened: Researcher Dirk-jan Mollema uncovered that undocumented “actor tokens” plus a validation flaw in the legacy Azure AD Graph API could let an attacker impersonate any user—up to Global Admin—across any Entra ID tenant, bypassing MFA, Conditional Access, and logging at the API layer. Microsoft assigned CVE-2025-55241. (dirkjanm.io, The Hacker News)

Fix status: Microsoft says it addressed the issue on July 17, 2025 (no customer action required), then completed additional patching/retirement steps as Azure AD Graph reached end-of-life in late August/early September 2025. Public disclosure landed mid-September. (The Hacker News, BleepingComputer)

Impact: No evidence of in-the-wild exploitation, but the blast radius was a theoretical tenant-wide takeover with minimal traces. Treat as critical and perform retrospective checks and hardening. (The Hacker News)

Timeline (what’s known)

July 14, 2025: Vulnerability reported to ...