Critical Azure Entra ID Vulnerability Allows Tenant-Wide Compromise

Alan V Gutnov, Director of Strategy
January 15, 2026 · 5 min read

TL;DR

This article details two critical vulnerabilities: CVE-2026-20965 in Windows Admin Center's Azure SSO, which allows unauthorized access to Azure VMs and Arc-connected systems through token manipulation, and CVE-2025-55241 in Microsoft Entra ID, which permits impersonation of any user, including Global Administrators, because of flaws in legacy actor tokens and the Azure AD Graph API. Mitigation strategies and detection methods are given for both.

Critical Vulnerabilities in Azure Identity and Windows Admin Center

Windows Admin Center Vulnerability

A high-severity vulnerability has been identified in Windows Admin Center's Azure Single Sign-On (SSO) implementation. This flaw could allow unauthorized access to Azure virtual machines and Arc-connected systems across entire tenants. Cymulate Research Labs discovered the vulnerability, tracked as CVE-2026-20965.

Microsoft addressed the issue in Windows Admin Center Azure Extension v0.70.00, released on January 13, 2026, following disclosure in August 2025; organizations running older versions remain vulnerable. The vulnerability stems from improper token validation in WAC Azure SSO, which allows a stolen WAC.CheckAccess token to be combined with a forged Proof-of-Possession (PoP) token for lateral movement. Cymulate added that exploitation requires local admin access on a WAC-enabled Azure VM or Arc machine, along with a privileged user connecting via the Azure Portal.

Windows Admin Center uses two tokens:

  • WAC.CheckAccess (verifies role-based access by the user's UPN)
  • PoP-bound token (bound to a browser-generated key pair so it cannot be replayed)

The vulnerability is a combination of flaws: no UPN matching between the two tokens, acceptance of cross-tenant PoP tokens, PoP tokens that name non-gateway URLs, reused nonces, and unscoped WAC.CheckAccess tokens that grant tenant-wide access. Exposing port 6516 through Just-In-Time (JIT) access to all source IPs, rather than only the gateway's DNS name, allows direct forgery without DNS discovery.

Attack Chain Details

The attack chain involves several steps:

  1. Dumping the WAC certificate, stopping the service, and running a rogue server.
  2. Capturing an admin’s WAC.CheckAccess token during portal connection.
  3. Enumerating targets via metadata/subnet.
  4. Forging PoP using an attacker tenant by generating keys, binding via refresh token, and inserting the target resource ID/IP.
  5. Sending InvokeCommand with mixed tokens for Remote Code Execution (RCE) on any accessible WAC machine.
  6. Repeating for chaining.

This enables lateral movement, privilege escalation, credential theft, cross-subscription compromise, and evasion via fake UPNs.

Detection and Mitigation

Organizations should monitor for WAC virtual accounts whose UPN belongs to an external tenant, such as WAC\_user@externaltenant.onmicrosoft.com, since these indicate potential abuse. Flag anomalous WAC activity, such as new identities appearing on target machines and spikes in InvokeCommand usage in otherwise trusted contexts.

The following KQL query over the DeviceLogonEvents table surfaces logons by accounts whose UPN is outside your tenant (replace <your-tenant> with your own tenant domain):

  DeviceLogonEvents
  | where Timestamp > ago(30d)
  | where AccountName has "@"
  | where not(AccountName has "<your-tenant>")
  | project Timestamp, DeviceName, AccountName, ActionType, LogonType
  | order by Timestamp desc
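As an added example (not from the article or from Cymulate), the same detection logic in Python over constructed DeviceLogonEvents-style rows, extended to the WAC virtual-account and new-identity checks described above; HOME_TENANT, the fixed clock and the sample rows are assumptions.

```python
from datetime import datetime, timedelta

HOME_TENANT = "contoso.onmicrosoft.com"  # assumption: the defender's own tenant domain
NOW = datetime(2026, 1, 15)              # fixed clock so the sample run is reproducible

# Constructed DeviceLogonEvents-style rows for illustration; not real telemetry.
EVENTS = [
    {"Timestamp": "2025-12-20T08:00:00Z", "DeviceName": "vm-web-01", "ActionType": "LogonSuccess",
     "LogonType": "Network", "AccountName": "alice@contoso.onmicrosoft.com"},
    {"Timestamp": "2026-01-14T09:05:00Z", "DeviceName": "vm-web-01", "ActionType": "LogonSuccess",
     "LogonType": "Network", "AccountName": "WAC\\alice@contoso.onmicrosoft.com"},
    {"Timestamp": "2026-01-14T09:07:00Z", "DeviceName": "vm-db-02", "ActionType": "LogonSuccess",
     "LogonType": "Network", "AccountName": "WAC\\user@externaltenant.onmicrosoft.com"},
    {"Timestamp": "2026-01-14T09:08:00Z", "DeviceName": "vm-db-02", "ActionType": "LogonSuccess",
     "LogonType": "Service", "AccountName": "svc_backup"},
]

def _ts(event):
    return datetime.strptime(event["Timestamp"], "%Y-%m-%dT%H:%M:%SZ")

def upn_domain(account):
    """UPN domain of an account (WAC\\ virtual-account prefix stripped), or None for local accounts."""
    name = account.split("\\", 1)[1] if account.startswith("WAC\\") else account
    return name.rsplit("@", 1)[1].lower() if "@" in name else None

def suspicious_logons(events, home_tenant=HOME_TENANT, now=NOW, days=30):
    """Equivalent of the article's KQL: UPN-style logons in the window whose domain is not the
    home tenant. The KQL uses term matching (`has`); an exact domain comparison avoids partial hits."""
    cutoff = now - timedelta(days=days)
    hits = [e for e in events
            if _ts(e) > cutoff and upn_domain(e["AccountName"]) not in (None, home_tenant.lower())]
    return sorted(hits, key=_ts, reverse=True)

def foreign_wac_accounts(events, home_tenant=HOME_TENANT):
    """WAC virtual accounts (WAC\\<upn>) whose UPN belongs to another tenant: the IoC the article names."""
    return sorted({e["AccountName"] for e in events
                   if e["AccountName"].startswith("WAC\\")
                   and upn_domain(e["AccountName"]) != home_tenant.lower()})

def new_identities(events, now=NOW, recent_days=7):
    """(device, account) pairs first seen inside the recent window: 'new identities on targets'."""
    first_seen = {}
    for e in sorted(events, key=_ts):
        first_seen.setdefault((e["DeviceName"], e["AccountName"]), _ts(e))
    cutoff = now - timedelta(days=recent_days)
    return sorted(key for key, seen in first_seen.items() if seen >= cutoff)
```

Feed real rows exported from advanced hunting into the same functions; the external-tenant check is the KQL above, and the other two cover the behavioural indicators the article lists.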

Indicators of Compromise (IOCs):

  • Port 6516 open via JIT NSG (all sources).
  • Rogue WAC processes/services.
  • Mixed-tenant UPN logons.
  • Unscoped PoP token reuse.

Immediate actions include updating to v0.70.00, restricting NSG/JIT rules for port 6516 to the gateway only, and monitoring WAC logs for anomalies.

Azure Entra ID Vulnerability

A critical vulnerability in Microsoft Entra ID (formerly Azure Active Directory), identified as CVE-2025-55241, could allow attackers to impersonate any user, including Global Administrators, across tenants. The vulnerability received a CVSS score of 10.0. Microsoft addressed the flaw on July 17, 2025, after it was reported by Dirk-jan Mollema on July 14, 2025.

[Image: Microsoft Entra ID issues gave access to any tenant in the world (courtesy of bleepstatic.com)]

The vulnerability resulted from the use of service-to-service (S2S) "actor" tokens issued by the legacy Access Control Service (ACS) and a tenant-validation bug in the deprecated Azure AD Graph API (graph.windows.net). The Azure AD Graph API did not properly verify the originating tenant of these actor tokens, allowing attackers to craft or obtain a token in their environment and use it to impersonate accounts in other tenants. These tokens bypassed Conditional Access policies, enabling cross-tenant privilege escalation.

An attacker posing as a Global Administrator could create accounts, grant permissions, modify tenant settings, exfiltrate user and configuration data, and gain control of services relying on Entra ID for authentication, such as Exchange Online, SharePoint Online, and Azure subscriptions. Exploitation could bypass multi-factor authentication, Conditional Access, and API-level logging, leaving little forensic evidence.

Microsoft has classified this as “high-privileged access” (HPA). The Azure AD Graph API was deprecated and retired on August 31, 2025, with organizations urged to migrate to Microsoft Graph.

Technical Details of the Exploit

Dirk-jan Mollema explains that actor tokens are issued by the Access Control Service and used for authentication with SharePoint applications and internally by Microsoft. These tokens allow a service to act as another user in the tenant when communicating with Exchange Online, SharePoint, and the Azure AD Graph.

Actor tokens are not signed, can impersonate any user, and remain valid for 24 hours with no revocation. They also lack the security controls normally expected of a credential:

  • No logs when actor tokens are issued.
  • No logs when they are used.
  • Cannot be revoked within their 24-hour validity.
  • Completely bypass any restrictions configured in Conditional Access.
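An added illustration, not Microsoft's code or the researcher's: a simplified model of the tenant-validation gap, showing the pre-fix check beside a version that binds the actor token to the tenant being accessed and records every use. The token fields, the placeholder application id and the fixed clock are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Simplified model for illustration only, not Microsoft's implementation: an actor token names the
# service holding it and its issuing tenant; a request wraps one with the tenant and user (netId) to act as.
@dataclass(frozen=True)
class ActorToken:
    app_id: str
    issuer_tenant: str
    issued_at: datetime
    lifetime: timedelta = timedelta(hours=24)   # 24-hour validity, no revocation (per the article)

@dataclass(frozen=True)
class ImpersonationRequest:
    actor: ActorToken
    target_tenant: str   # tenant whose user is being impersonated
    net_id: str          # that user's netId

TRUSTED_APPS = {"app-trusted-service-placeholder"}   # placeholder, not a real application id
NOW = datetime(2026, 1, 15, 12, 0)                  # fixed clock for the sample run

class Rejected(Exception):
    """Raised when an impersonation request fails validation."""

def _check_actor(actor, now):
    """Checks both code paths share: the actor must be a trusted service and the token unexpired."""
    if actor.app_id not in TRUSTED_APPS:
        raise Rejected("untrusted actor application")
    if now >= actor.issued_at + actor.lifetime:
        raise Rejected("actor token expired")

def resolve_vulnerable(req, now=NOW):
    """Pre-fix behaviour as the article describes it: trust and expiry are checked, but the issuing
    tenant is never compared with the tenant being accessed, so any tenant's token is honoured."""
    _check_actor(req.actor, now)
    return (req.target_tenant, req.net_id)

def resolve_hardened(req, audit, now=NOW):
    """The same request with the missing controls: tenant binding plus an audit record of every use."""
    _check_actor(req.actor, now)
    if req.actor.issuer_tenant != req.target_tenant:
        audit.append(("rejected", req.actor.issuer_tenant, req.target_tenant, req.net_id))
        raise Rejected("actor token was issued by a different tenant")
    audit.append(("impersonate", req.actor.issuer_tenant, req.target_tenant, req.net_id))
    return (req.target_tenant, req.net_id)

def sample_request(issuer_tenant, target_tenant, age_hours=1, net_id="netid-0001"):
    """Constructed request whose actor token was minted `age_hours` ago in `issuer_tenant`."""
    tok = ActorToken("app-trusted-service-placeholder", issuer_tenant, NOW - timedelta(hours=age_hours))
    return ImpersonationRequest(tok, target_tenant, net_id)
```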

Attack Scenario

An attacker can exploit this vulnerability by:

  1. Finding the tenant ID for the targeted environment using public APIs based on the domain name.
  2. Finding a valid netId of a regular user in the target tenant.
  3. Crafting an impersonation token with the actor token from the attacker tenant using the tenant ID and netId of the user in the victim tenant.
  4. Listing all Global Admins in the tenant and their netId.
  5. Crafting an impersonation token for the Global Admin.
  6. Performing any read/write action through the Azure AD Graph API.

Only the activity in the last step would be recorded in the victim tenant.

Remediation Steps

  1. Confirm Microsoft’s fix is in effect: Verify your tenant shows no outstanding mitigation notices and that Microsoft’s service health indicates the patch was deployed.
  2. Search for signs of compromise: Review Azure AD Sign-ins and Audit logs for unusual Global Admin sign-ins, unexpected admin role assignments, new user creation, and app registration changes.
  3. Look for suspicious use of legacy Graph API calls: Query logs for requests to graph.windows.net and any unusual API calls that access user/group/role or device information.
  4. Rotate high-risk secrets and revoke sessions: Immediately rotate credentials for service principals, app secrets, certificates, and any long-lived keys for apps that used legacy APIs.
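As an added example (not part of the article), a small hunt covering remediation steps 2 and 3 over constructed audit and request-log rows. It assumes a request-log export that records actor, host, method and path; the audit operation names are modelled on Entra audit-log values and should be checked against your own logs.

```python
from datetime import datetime, timedelta

LEGACY_GRAPH_HOST = "graph.windows.net"   # deprecated Azure AD Graph endpoint named in the article
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Operation names modelled on Entra audit-log OperationName values; confirm them against your own logs.
SENSITIVE_OPS = {"Add member to role", "Add user", "Add application", "Update application"}

# Constructed sample rows for illustration, not real logs: directory audit events and a request-log
# export that records which identity called which API host.
AUDIT = [
    {"time": "2026-01-14T10:02:00Z", "actor": "bob@contoso.onmicrosoft.com",
     "operation": "Add member to role", "target": "Global Administrator"},
    {"time": "2026-01-14T10:03:00Z", "actor": "bob@contoso.onmicrosoft.com",
     "operation": "Add user", "target": "helpdesk-tmp@contoso.onmicrosoft.com"},
    {"time": "2026-01-14T15:00:00Z", "actor": "admin@contoso.onmicrosoft.com",
     "operation": "Add application", "target": "hr-portal"},
]
REQUESTS = [
    {"time": "2026-01-14T09:58:00Z", "actor": "bob@contoso.onmicrosoft.com", "host": LEGACY_GRAPH_HOST,
     "method": "POST", "path": "/contoso.onmicrosoft.com/directoryRoles/members"},
    {"time": "2026-01-14T11:00:00Z", "actor": "sync-app", "host": LEGACY_GRAPH_HOST,
     "method": "GET", "path": "/contoso.onmicrosoft.com/groups"},
    {"time": "2026-01-14T14:55:00Z", "actor": "admin@contoso.onmicrosoft.com", "host": "graph.microsoft.com",
     "method": "POST", "path": "/v1.0/applications"},
]

def _ts(row):
    return datetime.strptime(row["time"], "%Y-%m-%dT%H:%M:%SZ")

def legacy_graph_dependencies(requests):
    """Every identity still calling graph.windows.net: the dependency inventory step 3 asks for."""
    return sorted({r["actor"] for r in requests if r["host"] == LEGACY_GRAPH_HOST})

def legacy_writes_before_sensitive_ops(audit, requests, window=timedelta(minutes=30)):
    """Sensitive directory changes made by an actor who issued a legacy Graph write within `window`
    beforehand, i.e. changes that arrived through the deprecated API rather than the portal or
    Microsoft Graph. Each finding pairs the audit event with the legacy request path."""
    writes = [r for r in requests if r["host"] == LEGACY_GRAPH_HOST and r["method"] in WRITE_METHODS]
    findings = []
    for op in audit:
        if op["operation"] not in SENSITIVE_OPS:
            continue
        for w in writes:
            if w["actor"] == op["actor"] and timedelta(0) <= _ts(op) - _ts(w) <= window:
                findings.append((op["actor"], op["operation"], op["target"], w["path"]))
    return findings
```

The dependency list doubles as the migration checklist the Recommendations section calls for; anything on it still needs to move to Microsoft Graph.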

Gopher Security's Approach

Gopher Security specializes in AI-powered, post-quantum Zero-Trust cybersecurity architecture. Our platform converges networking and security across devices, apps, and environments—from endpoints and private networks to cloud, remote access, and containers—using peer-to-peer encrypted tunnels and quantum-resistant cryptography.

Recommendations

Organizations should:

  • Validate that Microsoft’s mitigations for CVE-2025-55241 are applied across all tenants and confirm no dependencies remain on the deprecated Azure AD Graph API.
  • Accelerate the retirement of legacy integrations and enforce least-privilege principles across all applications and service principals.
  • Implement Privileged Identity Management (PIM) to eliminate permanent Global Administrator assignments and enforce just-in-time elevation.
  • Strengthen monitoring and log export to external SIEM platforms.
  • Review and restrict guest access and cross-tenant trust relationships.

Gopher Security can help your organization assess and mitigate these risks. Contact us today to learn more about our AI-powered, post-quantum Zero-Trust cybersecurity solutions: Gopher Security.

MBA-credentialed cybersecurity expert specializing in Post-Quantum Cybersecurity solutions with proven capability to reduce attack surfaces by 90%.
