Cloud Giant Avoids Global Tenant Compromise
Microsoft is disclosing a vulnerability that allowed hackers to obtain admin access to virtually any cloud instance of SharePoint or Exchange – although no evidence exists that anyone besides the researcher who disclosed the flaw was aware of the improper authentication shortcoming before the computing giant hustled out a fix.
The operating system and cloud computing giant said it fully mitigated the flaw without Azure customers needing to take action. The flaw is tracked as CVE-2025-55241.
Security researcher Dirk-jan Mollema uncovered and reported the shortcoming on July 14. Microsoft recognized the issue as a privilege escalation bug and deployed a global fix on July 17. The company said there is no evidence of exploitation in the wild.
During his research, Mollema said he was able to use his own Azure account to authenticate as any user in any other tenant, with the exception of specialized Azure clouds Microsoft has built for the U.S. government and China, since they use their own token signing keys.
The flaw combined two weak points: an undocumented impersonation mechanism called “Actor tokens” and improper tenant validation by the legacy Azure AD Graph API. Actor tokens, designed for backend service-to-service communications, allowed applications to act as another user. They bypassed key defenses, including conditional access policies and logging, meaning their use went undetected.
“In my personal opinion, this whole Actor token design is something that never should have existed,” Mollema wrote.
When paired with the legacy Azure AD Graph API’s failure to properly check originating tenants, these tokens could be weaponized for cross-tenant compromise.
“This vulnerability could have allowed me to compromise every Entra ID tenant in the world – except probably those in national cloud deployments. If you are an Entra ID admin reading this, yes that means complete access to your tenant,” Mollema wrote.
With a single Actor token obtained from a controlled tenant, an attacker could authenticate as any user in another tenant. If an attacker impersonated a global admin account, the adversary could create or take over identities, elevate privileges or grant application permissions, effectively seizing full control of Microsoft 365 services and Azure resources tied to that tenant.
Azure AD Graph itself lacked comprehensive API-level logging, meaning attackers could enumerate users, groups, devices, applications, policies and BitLocker recovery keys without detection. Audit logs would only appear if the attacker made modifications and even then they could misleadingly be read as legitimate admin activity.
To execute an attack, a hacker would need the tenant ID of the target – and tenant IDs are findable using public APIs based on the domain name. A hacker would also need the netId of the tenant, which Mollema said can be brute forced. Alternatively, the hacker could exploit business-to-business trust links between tenants. Guest accounts in partner organizations often expose netIds, enabling attackers to pivot across tenants at scale.
Microsoft has restricted Actor token use to only Microsoft internal services. “If it weren’t for the complete lack of security measures in these tokens, I don’t think such a big impact with such limited telemetry would have been possible,” Mollema said.