A Perfect 10 You Never Want to See
In July 2025, security researcher Dirk-jan Mollema reported a vulnerability to Microsoft that earned the maximum possible severity score: CVSS 10.0. The flaw, later assigned CVE-2025-55241, could have allowed an attacker to impersonate any user in any Microsoft Entra ID tenant, including Global Administrators, without triggering MFA, while bypassing Conditional Access policies and leaving no meaningful audit trail.
Microsoft deployed an emergency fix within three days of disclosure. No active exploitation was detected. But the implications of this vulnerability deserve serious attention from every organization running Microsoft 365, because it exposed a fundamental weakness in how Microsoft's identity platform handled trust boundaries between tenants.
If you manage a Microsoft 365 environment for a mid-sized company, this is the kind of threat that should reshape how you think about privileged access monitoring.
What Happened: The Technical Breakdown
The vulnerability involved two components working together in the worst possible way.
Actor Tokens and the Access Control Service
Deep inside Microsoft's identity infrastructure, there is a mechanism called Actor tokens. These are service-to-service tokens issued by the Access Control Service (ACS), a legacy component of Azure Active Directory. Microsoft's own internal services use Actor tokens to perform operations on behalf of users, a pattern sometimes called on-behalf-of or delegation.
Under normal circumstances, Actor tokens are an internal plumbing detail that tenant administrators never see or interact with. But Mollema discovered that these tokens had dangerous properties:
- They could impersonate any user without requiring that user's credentials
- They had 24-hour validity with no revocation mechanism
- They were not subject to Conditional Access policies or MFA enforcement
- They generated minimal logging, making them nearly invisible in audit trails
The Tenant Validation Failure
The critical flaw was in the deprecated Azure AD Graph API (graph.windows.net). This legacy API failed to properly validate the originating tenant of Actor tokens. In practical terms, an attacker could:
- Create or obtain an Actor token from their own test tenant (one they fully control)
- Present that token to the Azure AD Graph API targeting a completely different tenant
- Be accepted by the API, which granted access as if the attacker were a legitimate user in the target tenant
No prior access to the target organization was required. No phishing. No credential theft. No exploiting a user's mistake. The attacker just needed their own Azure tenant and knowledge of the vulnerability.
What an Attacker Could Do
With a crafted Actor token impersonating a Global Administrator, an attacker gained access to virtually everything:
- Read and modify directory data including user accounts and group memberships
- Create service principals and grant them elevated permissions
- Change role assignments to establish persistent backdoor access
- Access tenant settings, device information, and even BitLocker recovery keys
- Compromise downstream services including SharePoint Online, Exchange Online, and Azure resources
Microsoft characterized the access level as enabling applications to "impersonate other users without providing any proof of user context." That is about as bad as identity vulnerabilities get.
Why This Matters for Mid-Sized Companies
You might be thinking: "Microsoft patched it. No exploitation detected. Why should I care?"
Three reasons.
1. Legacy APIs Are a Persistent Attack Surface
CVE-2025-55241 existed because of a legacy API that Microsoft had been trying to retire for years. The Azure AD Graph API was officially deprecated in 2020 and was finally retired on August 31, 2025, a timeline partly accelerated by this vulnerability.
But many organizations, especially mid-sized companies without dedicated identity engineering teams, still have applications and integrations that depend on legacy APIs. Every deprecated endpoint in your environment is a potential blind spot that receives less scrutiny from both Microsoft and attackers.
Ask your team: Do we have any applications still using the Azure AD Graph API? Have we fully migrated to Microsoft Graph?
2. Your Detection Capabilities Have Blind Spots
The most troubling aspect of CVE-2025-55241 was not the access it granted but the fact that it was nearly invisible. Actor tokens bypassed the security controls that most organizations rely on:
- MFA did not trigger because the token mechanism operated outside the interactive authentication flow
- Conditional Access policies were irrelevant because Actor tokens are not evaluated against them
- Audit logs showed minimal activity because the legacy API path generated limited logging
For a mid-sized company relying on standard Microsoft 365 security tooling, this attack would have been essentially undetectable through normal monitoring. The only reliable way to catch it would have been detecting the outcomes of the attack: unexpected role assignments, new service principals, or changes to tenant configuration.
3. Identity Attacks Are Accelerating
CVE-2025-55241 did not arrive in isolation. In late 2025, researchers at Push Security uncovered ConsentFix, a separate attack technique targeting Entra ID through OAuth consent abuse. ConsentFix uses social engineering to trick users into granting OAuth tokens for the Azure CLI, a first-party Microsoft application that is implicitly trusted in every Entra ID tenant and cannot be blocked or deleted.
The ConsentFix attack chain is particularly concerning because it:
- Bypasses MFA entirely since the victim authenticates through a legitimate Microsoft OAuth flow
- Defeats phishing-resistant authentication including passkeys, because no credential phishing occurs
- Exploits first-party app trust that administrators cannot remove or restrict
- Has been linked to APT29 (Russian state-affiliated threat actors) in observed campaigns
Together, CVE-2025-55241 and ConsentFix illustrate a clear trend: attackers are moving up the stack from credential theft to identity infrastructure exploitation. They are targeting the trust mechanisms themselves, not just the passwords that protect them.
What You Should Do Now
Here are concrete steps your team can take, prioritized for organizations with limited security staff.
Immediate Actions (This Week)
Audit your Azure AD Graph API dependencies. Any application still using graph.windows.net endpoints should be flagged for immediate migration to Microsoft Graph. Microsoft provides a migration guide and tooling to identify affected apps.
Review your privileged role assignments. Run a complete audit of every user and service principal with elevated roles in Entra ID. Pay particular attention to:
- Global Administrator assignments (aim for 2-4 maximum, with PIM for just-in-time activation)
- Any roles assigned to service principals you do not recognize
- Role assignments that were made in July or August 2025 (during the vulnerability window)
Check for unexpected service principals. Look for service principals created in the last six months that your team does not recognize. These could indicate compromised applications or backdoor access.
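To make the three checks above concrete, here is an added Python example (not TrueConfig's code or anything from the page's sources) that runs them over a constructed snapshot of role assignments and service principals; the baseline set, the names, the "today" date and the timestamps are all made up, and a real run would feed it an export from Microsoft Graph instead.

```python
from datetime import datetime, timedelta, timezone

# Constructed snapshot of a tenant's role assignments and service principals
# (names and timestamps are made up for this example).
BASELINE_GLOBAL_ADMINS = {"breakglass@example.com", "it-lead@example.com"}
NOW = datetime(2025, 10, 1, tzinfo=timezone.utc)       # assumed "today"
WINDOW = (datetime(2025, 7, 1, tzinfo=timezone.utc),   # vulnerability window:
          datetime(2025, 9, 1, tzinfo=timezone.utc))   # July and August 2025
ROLE_ASSIGNMENTS = [
    {"role": "Global Administrator", "principal": "breakglass@example.com",
     "type": "user", "assigned": "2024-03-01T09:00:00Z"},
    {"role": "Global Administrator", "principal": "it-lead@example.com",
     "type": "user", "assigned": "2024-03-01T09:05:00Z"},
    {"role": "Global Administrator", "principal": "svc-sync-helper",
     "type": "servicePrincipal", "assigned": "2025-07-22T02:13:00Z"},
    {"role": "User Administrator", "principal": "helpdesk@example.com",
     "type": "user", "assigned": "2023-11-10T10:00:00Z"},
]
SERVICE_PRINCIPALS = [
    {"name": "HR Payroll Connector", "created": "2023-05-02T08:00:00Z", "known": True},
    {"name": "svc-sync-helper", "created": "2025-07-22T02:10:00Z", "known": False},
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_privileged_access(assignments, sps, baseline_gas, now):
    """Return (severity, message) findings for the three checks above."""
    findings = []
    # 1. Global Admins: anything outside the documented baseline, and the count.
    gas = {a["principal"] for a in assignments if a["role"] == "Global Administrator"}
    for extra in sorted(gas - baseline_gas):
        findings.append(("high", f"Global Administrator not in baseline: {extra}"))
    if len(gas) > 4:
        findings.append(("medium", f"{len(gas)} Global Administrators (target is 2-4)"))
    # 2. Roles on unrecognized service principals, and assignments made in the window.
    known = {sp["name"] for sp in sps if sp["known"]}
    for a in assignments:
        if a["type"] == "servicePrincipal" and a["principal"] not in known:
            findings.append(("high", f"Unrecognized service principal holds {a['role']}: {a['principal']}"))
        if WINDOW[0] <= _ts(a["assigned"]) < WINDOW[1]:
            findings.append(("medium", f"{a['role']} assigned to {a['principal']} inside the vulnerability window"))
    # 3. Unrecognized service principals created in the last six months.
    for sp in sps:
        if not sp["known"] and _ts(sp["created"]) >= now - timedelta(days=182):
            findings.append(("medium", f"Unrecognized service principal created recently: {sp['name']}"))
    return findings

def run_audit():
    return audit_privileged_access(ROLE_ASSIGNMENTS, SERVICE_PRINCIPALS, BASELINE_GLOBAL_ADMINS, NOW)
```

On the sample data every finding points at the same unrecognized service principal, which is the shape of result worth escalating: one identity that is both outside the baseline and holding a role granted during the window.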
Short-Term Actions (This Month)
Enable and review AADGraphActivityLogs. If you have not already, enable logging for Azure AD Graph API activity. This will help you identify any remaining legacy API usage and establish a baseline.
Monitor Azure CLI sign-in activity. Given the ConsentFix threat, set up alerts for login events to the Azure CLI application (Application ID: 04b07795-8ddb-461a-bbee-02f9e1bf7b46). Unexpected sign-ins to this app from your users could indicate consent phishing.
Restrict user consent for OAuth applications. Configure your tenant so that users cannot grant consent to third-party applications without admin approval. While this does not prevent first-party app abuse (like ConsentFix), it reduces your overall OAuth attack surface.
Ongoing Practices
Implement continuous privileged access monitoring. Point-in-time audits are necessary but insufficient. If an attacker adds a Global Admin role assignment at 2 AM on a Saturday, you need to know about it before Monday morning, not during the next quarterly access review.
Establish a configuration baseline for identity. Document your intended state for critical identity configurations: how many Global Admins should exist, which Conditional Access policies should be active, what guest access settings are appropriate. Then monitor for drift from that baseline continuously.
Review service principal permissions quarterly. Service principals accumulate permissions over time and are rarely audited. Each one represents an identity that could be compromised or abused.
The Bigger Picture: Why Detection Must Focus on Outcomes
CVE-2025-55241 teaches an important lesson about cloud identity security. You cannot rely solely on preventive controls like MFA and Conditional Access. When an attacker operates at the token infrastructure level, those controls become irrelevant.
What remains reliable is detecting the outcomes of a compromise:
- A new Global Administrator appeared that nobody authorized
- A service principal was granted Directory.ReadWrite.All permissions
- A Conditional Access policy was disabled or modified
- Guest access settings were loosened without a change request
These are the signals that persist regardless of how an attacker gained access. Whether through a token vulnerability, consent phishing, or a compromised admin credential, the attacker's objectives look the same: elevate privileges, establish persistence, access sensitive data.
Organizations that monitor for these configuration changes continuously, rather than periodically, dramatically reduce the window in which an attacker can operate undetected.
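As an added example, not code from the page or from TrueConfig, the following Python flags three of the four outcomes listed above in a constructed batch of directory audit records, then groups the alerts by who initiated them. The record shape is modelled loosely on Entra ID directory audit entries (activityDisplayName, targetResources, modifiedProperties) with simplified values; the guest-settings case is left out because its property names are not given on the page.

```python
from collections import Counter

# Constructed audit records, loosely shaped like Entra ID directory audit entries
# (activityDisplayName, targetResources, modifiedProperties); values simplified.
AUDIT_RECORDS = [
    {"activityDisplayName": "Add member to role", "initiatedBy": "svc-sync-helper",
     "targetResources": [{"displayName": "persist@example.com", "modifiedProperties": [
         {"displayName": "Role.DisplayName", "newValue": "Global Administrator"}]}]},
    {"activityDisplayName": "Add app role assignment to service principal",
     "initiatedBy": "svc-sync-helper",
     "targetResources": [{"displayName": "svc-sync-helper", "modifiedProperties": [
         {"displayName": "AppRole.Value", "newValue": "Directory.ReadWrite.All"}]}]},
    {"activityDisplayName": "Update conditional access policy", "initiatedBy": "svc-sync-helper",
     "targetResources": [{"displayName": "Require MFA for all users", "modifiedProperties": [
         {"displayName": "State", "oldValue": "enabled", "newValue": "disabled"}]}]},
    {"activityDisplayName": "Update user", "initiatedBy": "helpdesk@example.com",
     "targetResources": [{"displayName": "jane@example.com", "modifiedProperties": [
         {"displayName": "JobTitle", "oldValue": "Intern", "newValue": "Analyst"}]}]},
]

def _changes(rec):
    """Yield (target, property, old, new) for every modified property in a record."""
    for tr in rec.get("targetResources", []):
        for p in tr.get("modifiedProperties", []):
            yield tr.get("displayName"), p.get("displayName"), p.get("oldValue"), p.get("newValue")

def detect_outcomes(records):
    """Return (severity, initiator, message) alerts for the outcome signals:
    new Global Admin, Directory.ReadWrite.All grant, CA policy no longer enabled."""
    alerts = []
    for rec in records:
        act, who = rec["activityDisplayName"], rec.get("initiatedBy", "unknown")
        for target, prop, old, new in _changes(rec):
            if act == "Add member to role" and prop == "Role.DisplayName" and new == "Global Administrator":
                alerts.append(("critical", who, f"{target} added to Global Administrator"))
            elif act.startswith("Add app role assignment") and new == "Directory.ReadWrite.All":
                alerts.append(("critical", who, f"{target} granted Directory.ReadWrite.All"))
            elif act == "Update conditional access policy" and prop == "State" and new != "enabled":
                alerts.append(("high", who, f"CA policy '{target}' changed {old} -> {new}"))
    return alerts

def initiators_with_multiple_alerts(alerts, threshold=2):
    """Initiators behind several privileged outcomes in one batch: the elevate-then-
    persist pattern described above, regardless of how the access was obtained."""
    counts = Counter(who for _, who, _ in alerts)
    return {who: n for who, n in counts.items() if n >= threshold}
```

The routine job-title edit produces nothing, while the three privileged changes surface together under one initiator; that correlation, not the individual events, is what a responder needs to see first.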
Closing the Gap With Continuous Configuration Monitoring
The pattern exposed by CVE-2025-55241 is exactly what TrueConfig is built to address. TrueConfig continuously evaluates your Microsoft 365 tenant's privileged access configuration against a defined baseline. When reality deviates from your intended state, whether because of a vulnerability exploit, an insider threat, or simple administrative error, you get visibility within hours.
Specifically, TrueConfig monitors for the exact outcomes that CVE-2025-55241 would have produced:
- Unauthorized Global Administrator role assignments
- Unexpected service principal creation or permission changes
- Modifications to Conditional Access policies
- Drift from your defined security baseline across identity and access controls
No vulnerability can be prevented before it is discovered. But the damage from any identity compromise can be contained when you detect unauthorized changes to your most critical configurations quickly and reliably.
Sources:
- Dirk-jan Mollema, "One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens"
- The Hacker News, "Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants"
- Mitiga, "Breaking Down the Microsoft Entra ID Actor Token Vulnerability"
- CyberMaxx, "Critical Entra ID Vulnerability CVE-2025-55241"
- Push Security, "ConsentFix: Browser-native ClickFix hijacks OAuth grants"
- Dark Reading, "Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues"