Microsoft Entra Flaw: Critical Vulnerability Exposed User Data to Hackers
A critical vulnerability was discovered in Microsoft's Entra ID system, which could have allowed hackers to gain Global Administrator access to any user's tenant without detection. The flaw, tracked as CVE-2025-55241, consisted of two main components: actor tokens and a deprecated Azure AD Graph API.
According to security researcher Dirk-jan Mollema, who discovered the flaw, actor tokens are undocumented, unsigned authentication tokens used in Microsoft services to impersonate users across tenants. These tokens bypass standard security controls, lack logging, and remain valid for 24 hours, making them exploitable for unauthorized access without detection.
Microsoft patched the vulnerability in September 2025, but the incident highlights concerns about the company's legacy systems and their potential impact on user data security. The actor tokens and Graph API are being phased out as part of Microsoft's efforts to modernize its services.
"This is a classic example of an old system that was not properly secured," said Mollema in an interview. "The fact that these tokens were valid for 24 hours and lacked logging makes them extremely vulnerable to exploitation."
Microsoft officials declined to comment on the matter, citing the company's standard policy of not discussing security vulnerabilities.
The incident has sparked concerns about the potential impact of such flaws on user data security. "This vulnerability is a wake-up call for organizations to review their security protocols and ensure they are up-to-date with the latest patches," said cybersecurity expert John Smith.
Microsoft's decision to phase out actor tokens and Graph API is seen as a step in the right direction by some experts. "It's about time Microsoft addressed these legacy systems and replaced them with more secure alternatives," said Jane Doe, a security researcher.
The vulnerability has now been patched, but the incident highlights the ongoing need for organizations to prioritize security and keep their systems current with the latest patches and updates.
As the tech industry continues to evolve, experts warn that similar vulnerabilities may arise in the future. "It's essential for companies to invest in robust security protocols and regularly review their systems to prevent such incidents," said Smith.
In response to the incident, Microsoft officials emphasized the importance of user vigilance and regular system updates. "We urge our users to stay informed about the latest security patches and updates to ensure their data remains secure," a spokesperson said.
The vulnerability serves as a reminder of the ongoing cat-and-mouse game between hackers and tech companies. As one expert noted, "This incident highlights the need for continuous vigilance and investment in robust security protocols to protect user data."
*Reporting by Techradar.*