Dutch security researcher Dirk-jan Mollema discovered a critical vulnerability in Microsoft Entra ID that allowed full access to every tenant in the world. Microsoft fixed the problem within days of being notified. The flaw consisted of undocumented impersonation tokens and a validation error in the old Azure AD Graph API.
With this vulnerability, a successful attack would remain completely invisible, because requests for Actor tokens were not logged at all. Even if they had been, the entries would only appear in the attacker’s tenant, not in the victim’s.
Furthermore, the Azure AD Graph API does not have API-level logging. Its successor, Microsoft Graph, does have this, but logging for Azure AD Graph is still in limited preview.
This meant that attackers could gain access to user information, group data, tenant settings, applications, and even BitLocker keys without being noticed.
Dangerous combination of flaws
The vulnerability consisted of two components that, when combined, could be catastrophic. First, there were undocumented “Actor tokens” that Microsoft uses internally for service-to-service communication. These tokens were not subject to security policies such as Conditional Access.
Second, the outdated Azure AD Graph API contained a critical error when validating the original tenant. This allowed these tokens to be used for cross-tenant access.
With a token from his own lab, the researcher could impersonate any user in other tenants, including Global Admins. “Effectively, this meant that with a token from my lab tenant, I had full access to every other tenant in the world,” according to the findings.
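To make the two-part flaw concrete, here is an added illustration (not Microsoft's code and not the researcher's) of the class of check that was missing: a token minted in one tenant must never be honoured for impersonation in another. The token shape, field names and tenant IDs are hypothetical placeholders constructed for this example.

```python
from dataclasses import dataclass

# Constructed placeholder tenant IDs; neither is a real Entra tenant.
LAB_TENANT = "11111111-aaaa-4aaa-8aaa-111111111111"     # the researcher's own tenant
VICTIM_TENANT = "22222222-bbbb-4bbb-8bbb-222222222222"  # any other tenant


@dataclass(frozen=True)
class ImpersonationRequest:
    """Hypothetical, simplified shape of an Actor-token-backed request.

    issuing_tenant:    tenant that issued the Actor token (its 'tid').
    target_tenant:     tenant whose directory the caller wants to access.
    impersonated_user: the user the caller claims to act as in target_tenant.
    """
    issuing_tenant: str
    target_tenant: str
    impersonated_user: str


def validate_vulnerable(req: ImpersonationRequest, resource_tenant: str) -> bool:
    """Models the flawed check described in the article: the API only confirms
    that the request names the tenant being accessed and never verifies that
    the Actor token was issued by that same tenant."""
    return req.target_tenant == resource_tenant


def validate_fixed(req: ImpersonationRequest, resource_tenant: str) -> bool:
    """Hardened check: impersonation is honoured only when the token was issued
    by the tenant it is used against, so a token from one tenant cannot act on
    behalf of users in another."""
    return (req.target_tenant == resource_tenant
            and req.issuing_tenant == resource_tenant)


def compare(req: ImpersonationRequest, resource_tenant: str) -> dict:
    """Run both validators so the difference is visible side by side."""
    return {"vulnerable_accepts": validate_vulnerable(req, resource_tenant),
            "fixed_accepts": validate_fixed(req, resource_tenant)}


# A token minted in the lab tenant, aimed at a Global Admin of the victim tenant.
CROSS_TENANT = ImpersonationRequest(LAB_TENANT, VICTIM_TENANT, "globaladmin@victim.example")
# The legitimate case: a token from the victim tenant used inside that tenant.
SAME_TENANT = ImpersonationRequest(VICTIM_TENANT, VICTIM_TENANT, "globaladmin@victim.example")

if __name__ == "__main__":
    print("cross-tenant:", compare(CROSS_TENANT, VICTIM_TENANT))
    print("same-tenant: ", compare(SAME_TENANT, VICTIM_TENANT))
```

The cross-tenant request passes the flawed check and fails the hardened one; the same-tenant request passes both, which is the only behaviour the fix changes.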
Full tenant compromise
By impersonating a Global Admin, an attacker could modify all objects and settings in the tenant. This would result in full tenant compromise, with access to services such as SharePoint Online and Exchange Online.
Attackers would also gain full access to Azure resources, as Global Admins can grant themselves rights to Azure subscriptions.
Although modifying objects usually generates audit logs, these entries would appear as if a legitimate Global Admin were performing the actions.
Quick response from Microsoft
The researcher reported the vulnerability to the Microsoft Security Response Center on the same day. Microsoft resolved the issue within a few days and rolled out additional mitigations.
Microsoft assigned CVE-2025-55241 to this vulnerability. Based on internal telemetry, Microsoft did not detect any abuse of the flaw.
Applications can no longer request Actor tokens for the Azure AD Graph API. A KQL detection rule is available for organizations that want to search for possible traces of abuse.