Topic: azure ad graph

Sort by: Relevance | Date
  • Microsoft Entra ID Flaw Let Attackers Hijack Company Tenants
    September 27, 2025
    96%

    Microsoft Entra ID Flaw Let Attackers Hijack Company Tenants

    A critical vulnerability (CVE-2025-55241) in Microsoft's Entra ID could have allowed attackers to gain full control over an organization's tenant by exploiting unsigned "actor tokens" and a weakness in the Azure AD Graph API. The flaw enabled attackers to impersonate any user, escalate privileges...

    Read More »

Related Topics

privilege escalation (42) security research (32) security vulnerability (18) vulnerability disclosure (16) tenant compromise (3) legacy components (2) logging bypass (1) microsoft entra (1)