Microsoft Patches Critical Entra ID Flaw Enabling Global Administrator Impersonation Across All Tenants

By user, September 22, 2025

A critical token validation failure in Microsoft Entra ID (formerly Azure Active Directory) could have allowed an attacker to impersonate any user, including Global Administrators, in any tenant.

The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. Microsoft describes it as an Azure Entra privilege escalation flaw. There is no indication that the issue has been exploited in the wild. It was addressed by the Windows maker as of July 17, 2025, and requires no customer action.

Security researcher Dirk-jan Mollema, who discovered and reported the shortcomings on July 14, said they could have allowed him to compromise every Entra ID tenant in the world, with the exception of national cloud deployments.

The problem stems from the combination of two components: the use of service-to-service (S2S) actor tokens issued by Access Control Service (ACS), and a critical token validation flaw in the legacy Azure AD Graph API (graph.windows.net).

What’s noteworthy is that these tokens are not subject to Microsoft’s Conditional Access policies, allowing a bad actor with access to the Graph API to make illicit changes. Worse, the lack of API-level logging in the Graph API means it could be leveraged to access user information, group and role details, tenant settings, application permissions, device information, and BitLocker keys synced to Entra ID, without leaving any trace.

Spoofing a Global Administrator allows attackers to create new accounts, grant additional permissions, and exfiltrate sensitive data, leading to full tenant compromise by accessing services that rely on Entra ID, such as SharePoint Online and Exchange Online.
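One defensive consequence of the behaviour described above is that a directory write made with a spoofed Global Administrator identity arrives without the sign-in that normally precedes an administrator's session. The following Python is an added illustration for this article, not code from Microsoft, Mitiga or the researcher: it correlates constructed directory audit records against constructed sign-in records and flags privileged changes whose acting user has no successful sign-in in the preceding window. The record shapes loosely follow the Microsoft Graph `directoryAudit` and `signIn` resources; the 30-minute window, the activity list and every sample record are assumptions made for the example.

```python
"""Heuristic check for privileged Entra ID directory changes with no preceding sign-in.

Added illustration for this article; not code from Microsoft, Mitiga or the
researcher. Record shapes loosely follow the Microsoft Graph directoryAudit and
signIn resources, but every record below is a constructed sample, and the
30-minute window plus the activity list are assumptions made for the example.
"""
from datetime import datetime, timedelta

# Activities treated as privileged writes (assumed subset; extend per tenant).
PRIVILEGED_ACTIVITIES = {
    "Add member to role",
    "Add user",
    "Add app role assignment to service principal",
    "Update application - Certificates and secrets management",
}
LOOKBACK = timedelta(minutes=30)  # assumed window


def _ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_unbacked_privileged_changes(audit_events, sign_ins, lookback=LOOKBACK):
    """Return privileged audit events whose acting user has no successful
    sign-in within `lookback` before the change."""
    successful = {}
    for s in sign_ins:
        if s.get("status", {}).get("errorCode", 0) != 0:
            continue  # failed sign-ins do not establish a session
        successful.setdefault(s["userId"], []).append(_ts(s["createdDateTime"]))

    findings = []
    for ev in audit_events:
        if ev.get("activityDisplayName") not in PRIVILEGED_ACTIVITIES:
            continue
        actor = ev.get("initiatedBy", {}).get("user")
        if not actor:
            continue  # app-initiated changes need a different baseline
        when = _ts(ev["activityDateTime"])
        recent = successful.get(actor["id"], [])
        if not any(when - lookback <= t <= when for t in recent):
            findings.append({
                "activity": ev["activityDisplayName"],
                "actor": actor["userPrincipalName"],
                "time": ev["activityDateTime"],
                "targets": [t.get("userPrincipalName") or t.get("displayName")
                            for t in ev.get("targetResources", [])],
            })
    return findings


# Constructed sample data (not real tenant data).
SAMPLE_SIGN_INS = [
    {"userId": "u-admin1", "createdDateTime": "2025-09-22T09:50:00Z",
     "status": {"errorCode": 0}},
    {"userId": "u-admin2", "createdDateTime": "2025-09-22T10:00:00Z",
     "status": {"errorCode": 50126}},  # failed sign-in: wrong password
]

SAMPLE_AUDIT_EVENTS = [
    {"activityDisplayName": "Add member to role",
     "activityDateTime": "2025-09-22T10:05:00Z",
     "initiatedBy": {"user": {"id": "u-admin1",
                              "userPrincipalName": "real.admin@contoso.example"}},
     "targetResources": [{"userPrincipalName": "new.hire@contoso.example"}]},
    {"activityDisplayName": "Add user",
     "activityDateTime": "2025-09-22T10:20:00Z",
     "initiatedBy": {"user": {"id": "u-admin2",
                              "userPrincipalName": "ghost.admin@contoso.example"}},
     "targetResources": [{"userPrincipalName": "backdoor@contoso.example"}]},
    {"activityDisplayName": "Update user",
     "activityDateTime": "2025-09-22T10:25:00Z",
     "initiatedBy": {"user": {"id": "u-admin2",
                              "userPrincipalName": "ghost.admin@contoso.example"}},
     "targetResources": [{"userPrincipalName": "someone@contoso.example"}]},
]

if __name__ == "__main__":
    for f in find_unbacked_privileged_changes(SAMPLE_AUDIT_EVENTS, SAMPLE_SIGN_INS):
        print(f"ALERT {f['time']} {f['actor']} {f['activity']} -> {f['targets']}")
```

The heuristic only covers changes recorded in the directory audit log; reads through the legacy API, which the article says were not logged, cannot be caught this way, so it complements rather than replaces the retirement of the Azure AD Graph API.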

“These resources are controlled from the tenant level, and global administrators can grant themselves rights to Azure subscriptions, providing full access to any resource hosted on Azure,” Mollema said.

Microsoft characterizes such instances of cross-tenant access as a case of “high-privileged access” (HPA), which occurs when an application or service gains extensive access to customer content and can impersonate another user without providing proof of that user’s context.

It is worth noting that the Azure AD Graph API has been officially deprecated and retired as of August 31, 2025. The technology giant is urging users to migrate their apps to Microsoft Graph. The deprecation was first announced in 2019.

“Applications configured for extended access that still rely on the Azure AD Graph API will not be able to continue using these APIs in early September 2025,” Microsoft said in late June 2025.
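A practical first step for the migration Microsoft is urging is an inventory of what still depends on the legacy API. The Python below is an added example for this article, not Microsoft's code: it scans app registrations for permissions requested against the Azure AD Graph resource, and scans sign-in records for tokens issued for that resource. The input shapes follow the Microsoft Graph `application` and `signIn` resources, the two resource app IDs are the well-known first-party IDs of Azure AD Graph and Microsoft Graph, and all records are constructed samples.

```python
"""Find app registrations and sign-ins still tied to the deprecated Azure AD Graph API.

Added illustration for this article, not code from Microsoft. Input objects are
shaped like the Microsoft Graph `application` and `signIn` resources, but every
record below is a constructed sample. The two resource app IDs are the
well-known first-party IDs of Azure AD Graph and Microsoft Graph.
"""

AZURE_AD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"  # legacy graph.windows.net
MICROSOFT_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # graph.microsoft.com


def apps_requiring_azure_ad_graph(applications):
    """Return apps whose requiredResourceAccess lists Azure AD Graph permissions."""
    hits = []
    for app in applications:
        for rra in app.get("requiredResourceAccess", []):
            if rra.get("resourceAppId") == AZURE_AD_GRAPH_APP_ID:
                hits.append({
                    "displayName": app.get("displayName"),
                    "appId": app.get("appId"),
                    "permissionCount": len(rra.get("resourceAccess", [])),
                })
    return hits


def sign_ins_to_azure_ad_graph(sign_ins):
    """Return (appDisplayName, count) pairs, most frequent first, for sign-ins
    where the token was issued for the Azure AD Graph resource."""
    counts = {}
    for s in sign_ins:
        if s.get("resourceId") == AZURE_AD_GRAPH_APP_ID:
            name = s.get("appDisplayName", "<unknown app>")
            counts[name] = counts.get(name, 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])


# Constructed sample app registrations (GUIDs are made up for the example).
SAMPLE_APPLICATIONS = [
    {"displayName": "Legacy HR Sync",
     "appId": "11111111-1111-4111-8111-111111111111",
     "requiredResourceAccess": [
         {"resourceAppId": AZURE_AD_GRAPH_APP_ID,
          "resourceAccess": [
              {"id": "aaaaaaaa-0000-4000-8000-000000000001", "type": "Role"},
              {"id": "aaaaaaaa-0000-4000-8000-000000000002", "type": "Scope"}]}]},
    {"displayName": "Modern Portal",
     "appId": "22222222-2222-4222-8222-222222222222",
     "requiredResourceAccess": [
         {"resourceAppId": MICROSOFT_GRAPH_APP_ID,
          "resourceAccess": [
              {"id": "bbbbbbbb-0000-4000-8000-000000000001", "type": "Scope"}]}]},
]

# Constructed sample sign-in records.
SAMPLE_GRAPH_SIGN_INS = [
    {"appDisplayName": "Legacy HR Sync", "resourceId": AZURE_AD_GRAPH_APP_ID,
     "resourceDisplayName": "Windows Azure Active Directory"},
    {"appDisplayName": "Legacy HR Sync", "resourceId": AZURE_AD_GRAPH_APP_ID,
     "resourceDisplayName": "Windows Azure Active Directory"},
    {"appDisplayName": "Modern Portal", "resourceId": MICROSOFT_GRAPH_APP_ID,
     "resourceDisplayName": "Microsoft Graph"},
]

if __name__ == "__main__":
    for hit in apps_requiring_azure_ad_graph(SAMPLE_APPLICATIONS):
        print(f"app still requests Azure AD Graph permissions: {hit}")
    for name, n in sign_ins_to_azure_ad_graph(SAMPLE_GRAPH_SIGN_INS):
        print(f"{n} sign-in(s) to Azure AD Graph by {name}")
```

In a real tenant the two inputs would come from the `applications` and `auditLogs/signIns` collections of Microsoft Graph; the functions are kept data-only so the inventory logic can be unit-tested offline.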

Cloud security company Mitiga said successful exploitation of CVE-2025-55241 bypassed multi-factor authentication (MFA), Conditional Access and logging, leaving no trail of the incident.

“Attackers could create these [actor] tokens to make Entra ID think they were anyone they wanted to be,” Mitiga’s Roy Sherman said.

“This meant that attackers could obtain actor tokens from their own test environments and use them to impersonate Global Administrators of tenants in other companies. The attackers didn’t need any existing access to the target organization.”

Previously, Mollema also detailed a high-severity security flaw affecting on-premises Exchange Server (CVE-2025-53786, CVSS score: 8.0) that could allow attackers to gain elevated privileges under certain conditions. Another study found that regular users could abuse Intune certificate misconfigurations (such as spoofable identifiers) to carry out ESC1 attacks targeting Active Directory environments.

The development comes just weeks after Binary Security’s Haakon Holm Gulbrandsrud revealed that a shared API Management (APIM) instance used to facilitate Software-as-a-Service (SaaS) connectors could be called directly from Azure Resource Manager to achieve cross-tenant access.

“The API connection allows anyone to completely compromise other connections around the world and gain full access to the connected backend,” Gulbrandsrud said. “This includes cross-tenant compromise of Key Vault and Azure SQL databases, as well as other externally connected services such as Jira and Salesforce.”

It also follows the discovery of several cloud-related flaws and attack methods over the last few weeks:

  • An Entra ID OAuth misconfiguration that granted unauthorized access to Microsoft’s Engineering Hub with a personal Microsoft account and exposed 22 internal services and related data.
  • An attack that leverages the Known Folder Move (KFM) feature of Microsoft OneDrive for Business, allowing bad actors who compromise a Microsoft 365 user with OneDrive sync to access apps and files synced to SharePoint Online.
  • A leak of Azure AD application credentials in a published application configuration (appsettings.json) file that could have been exploited to authenticate directly against Microsoft’s OAuth 2.0 endpoint, exfiltrate sensitive data, deploy malicious apps or escalate privileges.
  • A phishing attack involving a link to a rogue OAuth application registered in Microsoft Azure that tricks users into granting permissions, letting the attackers extract Amazon Web Services (AWS) access keys for a sandbox environment from compromised mailboxes, enumerate AWS permissions, abuse the trust between sandbox and production environments, take control of AWS, and exfiltrate sensitive data.
  • Attacks that exploit a server-side request forgery (SSRF) vulnerability in a web application to send requests to the AWS EC2 Instance Metadata Service (IMDS), obtaining the temporary security credentials assigned to the instance role and using them to access cloud resources.
  • A now-patched issue in the AWS Trusted Advisor tool that could be leveraged to sidestep S3 security checks by adjusting specific bucket policies, causing the tool to incorrectly report public S3 buckets as safe and leaving sensitive data exposed to exfiltration and breach.
  • A technique codenamed AWSDoor for modifying IAM configuration related to AWS roles and trust policies to establish persistence in an AWS environment.

The findings show that even seemingly small mistakes in a cloud environment can have dire consequences for the organization involved, leading to data theft and follow-on attacks.

“Techniques such as access key injection, trust policy backdoors, and the use of NotAction policies allow attackers to continue their attacks without deploying malware or triggering alarms,” RiskInsight researchers Yoann Dequeker and Arnaud Petitcol said in a report released last week.

“Beyond IAM, attackers can leverage AWS resources themselves (such as Lambda functions and EC2 instances) to maintain access. Disabling CloudTrail, changing event selectors, deploying lifecycle policies for silent S3 deletion, or isolating accounts from AWS Organizations are all techniques that reduce monitoring and enable potential long-term damage.”
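The three persistence patterns the researchers name (trust policy backdoors, NotAction allow statements, and tampering with CloudTrail or S3 lifecycle configuration) can each be checked for in the artifacts defenders already collect. The Python below is an added example for this article, not code from the RiskInsight researchers or from AWS: it audits IAM trust and permission policy documents and a batch of CloudTrail records. Every policy document and record is constructed, the set of organization-owned account IDs is an assumption, and the flagged `eventName` values are the real CloudTrail, S3 and Organizations API names that correspond to the actions quoted above.

```python
"""Audit AWS IAM artifacts for the persistence patterns described in the article.

Added illustration for this article; not code from the RiskInsight researchers
or from AWS. All policy documents and CloudTrail records below are constructed,
and the set of organization-owned account IDs is an assumption.
"""

TRUSTED_ACCOUNTS = {"111111111111"}  # assumed: accounts the organization owns

# CloudTrail eventName values that weaken or blind monitoring (real API names).
MONITORING_IMPAIRMENT_EVENTS = {
    "StopLogging", "DeleteTrail", "PutEventSelectors",
    "PutBucketLifecycleConfiguration", "LeaveOrganization",
}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _account_of(principal):
    """Extract the 12-digit account from an ARN or bare account-ID principal."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal


def audit_trust_policy(role_name, policy):
    """Flag Allow statements letting principals outside TRUSTED_ACCOUNTS assume the role."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if principal == "*":
            findings.append(f"{role_name}: trust policy allows any principal")
            continue
        for p in _as_list(principal.get("AWS", [])):
            if p == "*" or _account_of(p) not in TRUSTED_ACCOUNTS:
                findings.append(f"{role_name}: external principal {p} may assume role")
    return findings


def audit_permission_policy(policy_name, policy):
    """Flag Allow statements written with NotAction, which grant everything not listed."""
    return [
        f"{policy_name}: Allow with NotAction {st['NotAction']} grants every other action"
        for st in _as_list(policy.get("Statement", []))
        if st.get("Effect") == "Allow" and "NotAction" in st
    ]


def audit_cloudtrail_events(records):
    """Return eventNames of CloudTrail records that impair logging or monitoring."""
    return [r["eventName"] for r in records
            if r.get("eventName") in MONITORING_IMPAIRMENT_EVENTS]


# Constructed samples: a role trust policy with one legitimate and one backdoor statement.
SAMPLE_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "ec2.amazonaws.com"}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::999999999999:user/outsider"}},
]}

# Constructed: an inline policy that looks restrictive but allows everything except IAM.
SAMPLE_PERMISSION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "NotAction": ["iam:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
]}

# Constructed CloudTrail records (only the fields the check needs).
SAMPLE_CLOUDTRAIL = [
    {"eventName": "DescribeTrails", "eventSource": "cloudtrail.amazonaws.com"},
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com"},
    {"eventName": "PutEventSelectors", "eventSource": "cloudtrail.amazonaws.com"},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com"},
]

if __name__ == "__main__":
    for line in (audit_trust_policy("DeployRole", SAMPLE_TRUST_POLICY)
                 + audit_permission_policy("OpsInline", SAMPLE_PERMISSION_POLICY)):
        print("FINDING", line)
    print("monitoring impairment events:", audit_cloudtrail_events(SAMPLE_CLOUDTRAIL))
```

The trust policy check deliberately ignores `Service` principals so that ordinary EC2 or Lambda roles do not generate noise; a production version would also evaluate `Condition` blocks, since an `sts:ExternalId` condition on an external principal changes the risk.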
