Major Security Flaws in Microsoft Entra ID Fixed; No Exploitation Found
September 18, 2025
The flaws could have been exploited to create admin accounts, modify configurations, and compromise services like Azure, SharePoint, and Exchange, highlighting the potential for catastrophic damage.
The vulnerabilities stemmed from weaknesses in legacy systems within Entra ID, including issues with Actor Tokens issued by Azure's Access Control Service and a flaw in the Azure AD Graph API that failed to properly validate tenant identities, risking impersonation and unauthorized access across tenants.
Security researcher Dirk-jan Mollema uncovered two critical vulnerabilities in Microsoft Entra ID, which manages user identities and access for Azure, potentially allowing attackers full administrative control over nearly all Azure tenants worldwide, excluding some government cloud services.
Mollema reported these vulnerabilities to Microsoft on July 14, 2025, prompting an investigation that led to a global fix by July 17, 2025, with additional security measures added in August; Microsoft confirmed no evidence of exploitation during this process.
Microsoft classified these issues as CVE-2025-55241 and emphasized their efforts to decommission legacy protocols and improve cloud security as part of its 'Secure Future Initiative,' especially in response to past incidents like the Storm-0558 attack that compromised cryptographic keys.
Experts described the vulnerabilities as among the most impactful for an identity provider, as they bypassed security controls such as conditional access and logs, creating a risk of full tenant compromise if exploited maliciously.
Summary based on 1 source
Source

WIRED • Sep 18, 2025
This Microsoft Entra ID Vulnerability Could Have Been Catastrophic