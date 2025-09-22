erek
“In late June, the company warned that apps configured for extended access but still used Azure AD Graph would no longer be able to use the APIs starting early September 2025.
Mollema reported the issues to Microsoft on July 14 and the company confirmed that the problem was resolved nine days later.
On September 4, Microsoft also patched CVE-2025-55241, describing it as a critical privilege escalation vulnerability in Azure Entra.”
Source: https://www.bleepingcomputer.com/ne...d-flaw-allowed-hijacking-any-companys-tenant/
