Apple · Apple · CVE-2025-53779
**Name of the Vulnerable Software and Affected Versions**
Windows Kerberos versions prior to the August 2025 updates
**Description**
A relative path traversal issue in the Windows Kerberos protocol allows an authorized attacker to elevate privileges over a network. This can be achieved by abusing delegated Managed Service Accounts (`dMSA`), potentially granting the attacker full control over the corporate network, including domain administrator rights. This zero-day issue was actively exploited before the release of a security update.
**Recommendations**
Install the August 2025 updates.
Review permissions on Organizational Units, containers, and `dMSA` objects.
Restrict the creation and modification of `dMSA` and their migration link attributes to Tier 0 administrators.
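
A first-pass way to carry out the permission review recommended above, as an added example that is not part of the advisory and is not Microsoft code. It assumes the RSAT `ActiveDirectory` module and a schema that already contains the dMSA class. The Tier 0 principal list is an assumption to adjust. The schema names `msDS-DelegatedManagedServiceAccount`, `msDS-ManagedAccountPrecededByLink` and `msDS-DelegatedMSAState` are not named in the advisory.

```powershell
# Added example: list non-Tier 0 principals that can create dMSAs or edit their migration links.
Import-Module ActiveDirectory

$schemaNc = (Get-ADRootDSE).schemaNamingContext
$netbios  = (Get-ADDomain).NetBIOSName

# Assumption: principals treated as Tier 0; replace with your own list.
$tier0 = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           "$netbios\Domain Admins", "$netbios\Enterprise Admins")

# Resolve schema GUIDs at run time instead of hard-coding them.
function Get-SchemaGuid([string]$LdapName) {
    $o = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    if (-not $o) { throw "Schema object '$LdapName' not found (is the dMSA schema present?)" }
    [guid]::new([byte[]]$o.schemaIDGUID)
}
$dmsaClass = Get-SchemaGuid 'msDS-DelegatedManagedServiceAccount'
$linkAttrs = 'msDS-ManagedAccountPrecededByLink', 'msDS-DelegatedMSAState' |
    ForEach-Object { Get-SchemaGuid $_ }

# Access-mask bits of interest (GenericAll and GenericWrite contain these bits too).
$R        = [System.DirectoryServices.ActiveDirectoryRights]
$takeover = [int]$R::WriteDacl -bor [int]$R::WriteOwner
$create   = [int]$R::CreateChild
$write    = [int]$R::WriteProperty

$filter  = '(|(objectClass=organizationalUnit)(objectClass=container)(objectClass=msDS-DelegatedManagedServiceAccount))'
$targets = Get-ADObject -LDAPFilter $filter -Properties nTSecurityDescriptor

$findings = foreach ($t in $targets) {
    $isDmsa = $t.ObjectClass -eq 'msDS-DelegatedManagedServiceAccount'
    foreach ($ace in $t.nTSecurityDescriptor.Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or $tier0 -contains $who) { continue }
        $rights = [int]$ace.ActiveDirectoryRights
        $type   = $ace.ObjectType   # empty GUID means "all classes / all attributes"
        $why = if ($rights -band $takeover) { 'WriteDacl/WriteOwner' }
            elseif (-not $isDmsa -and ($rights -band $create) -and ($type -in [guid]::Empty, $dmsaClass)) { 'CreateChild (dMSA)' }
            elseif ($isDmsa -and ($rights -band $write) -and ($type -in (@([guid]::Empty) + $linkAttrs))) { 'WriteProperty (migration link)' }
        if ($why) {
            [pscustomobject]@{ Object = $t.DistinguishedName; Principal = $who; Right = $why; Inherited = $ace.IsInherited }
        }
    }
}
$findings | Sort-Object Object, Principal | Format-Table -AutoSize
```

The check does not expand property-set GUIDs or evaluate inherit-only scoping, so treat each row as a lead to confirm against the object's effective permissions.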