A 2025 Entra token flaw let attackers impersonate global admins across tenants. Time-bound elevation with PIM shrinks what a stolen session can ever reach.
Draft outline · Security lens

In 2025 researchers disclosed an Entra ID flaw (CVE-2025-55241) that abused undocumented service-to-service actor tokens to impersonate Global Administrators across tenants. Standing privileged accounts define the blast radius: if elevation is time-bound and approved, there is far less standing privilege to steal or abuse.
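An audit a practitioner would run to size that blast radius, added here as an example rather than code from the write-up or from Microsoft: it lists Global Administrator assignments that are standing (permanent and active) against those that are only PIM-eligible, using Microsoft Graph PowerShell SDK cmdlets and assuming the signed-in account holds the RoleManagement.Read.Directory scope.

```powershell
# Added example, not from the original write-up: inventory standing versus
# PIM-eligible Global Administrator assignments via the Graph PowerShell SDK.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory" -NoWelcome

# Well-known Global Administrator role template ID.
$gaRoleId = "62e90394-69f5-4237-9190-012177145e10"

# Active assignment schedules: permanent assignments plus current PIM activations.
$active = Get-MgRoleManagementDirectoryRoleAssignmentSchedule `
    -Filter "roleDefinitionId eq '$gaRoleId'" -ExpandProperty Principal

# Eligible schedules: no standing privilege until activated (and, where the
# role policy requires it, approved).
$eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule `
    -Filter "roleDefinitionId eq '$gaRoleId'" -ExpandProperty Principal

# Standing privilege = directly assigned with no expiry. This is what a stolen
# session or impersonated token can reach at any moment.
$standing = $active | Where-Object {
    $_.AssignmentType -eq 'Assigned' -and
    $_.ScheduleInfo.Expiration.Type -eq 'noExpiration'
}

"Standing (permanent) Global Admins: $($standing.Count)"
$standing | ForEach-Object {
    "  {0} ({1})" -f $_.Principal.AdditionalProperties['displayName'], $_.PrincipalId
}
"PIM-eligible Global Admins: $($eligible.Count)"
"Currently activated through PIM: $(($active | Where-Object AssignmentType -eq 'Activated').Count)"
```

The first count is the number to drive toward the break-glass minimum; everything else should live in the eligible list with a bounded activation window.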
Original technical write-up of the cross-tenant global-admin impersonation and its mechanics.
Independent reporting confirming impact and Microsoft's response, for a reader who saw the headline.
A security piece, but it demonstrates the practitioner-led promise: we deploy PIM and change the operating model, and we are honest about residual risk. It ties identity hardening to a named 2025 event a reader will recognise.