PT-2025-32855

Yug0Rd · Published 2025-08-12 · Updated 2025-08-31 · CVE-2025-53779

CVSS v2.0: 9.0 (Vector AV:N/AC:L/Au:S/C:C/I:C/A:C)

**Name of the Vulnerable Software and Affected Versions:**

Windows Kerberos on domain controllers without the August 2025 Patch Tuesday updates. The escalation path depends on delegated Managed Service Accounts (dMSAs), so a domain is exposed only when at least one domain controller runs Windows Server 2025.

**Description:**

A weakness in Windows Kerberos, classified by Microsoft as a relative path traversal, allows an authorized attacker to elevate privileges over a network. The vulnerability, known as "BadSuccessor" (CVE-2025-53779), abuses delegated Managed Service Accounts (dMSAs), a feature introduced in Windows Server 2025. A principal that can create a dMSA in any OU or container, or that can write the msDS-ManagedAccountPrecededByLink attribute of an existing dMSA, can mark the dMSA as the successor of a privileged account such as a Domain Admin; the Kerberos ticket the domain controller then issues to the dMSA carries the privileges of that account. The technique was publicly disclosed, with a proof of concept, before a patch was available. The patch closes the direct privilege escalation path, but the permissions it relies on (CreateChild on OUs, write access to dMSA attributes) remain common and abusable in other ways, so defenders should treat the technique as a tactic, technique, and procedure (TTP) rather than a one-off bug. Approximately 0.7% of Active Directory domains are affected.

**Recommendations:**

Install the August 2025 Windows security updates on all domain controllers immediately, starting with those running Windows Server 2025, since they are the ones that issue Kerberos tickets for dMSAs.

Audit who holds CreateChild on OUs and containers (which allows creating a dMSA there) and who can write msDS-ManagedAccountPrecededByLink on existing dMSAs; restrict both to the accounts that actually manage service accounts.

Treat the BadSuccessor technique as a TTP even after applying the patch: log dMSA object creation and changes to msDS-ManagedAccountPrecededByLink, and investigate any such change made by a principal outside the group that manages service accounts.
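The following script is an added example of the audit recommended above; it is not part of this advisory and not Microsoft's code. It assumes RSAT's ActiveDirectory module on a domain-joined host, an account that can read object security descriptors, and that the principals in $Expected are the only ones that should hold these rights (an assumption to adjust per domain). It reports two things: principals that can create child objects in an OU or container (and therefore a dMSA), and principals that can write msDS-ManagedAccountPrecededByLink, or rewrite the ACL, on an existing dMSA.

```powershell
# Added audit script for the dMSA permissions the BadSuccessor technique relies on.
# Not from the advisory or from Microsoft. Assumes the RSAT ActiveDirectory module
# and read access to nTSecurityDescriptor. $Expected is an assumption: list the
# principals that legitimately manage service accounts in your domain.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Resolve schema GUIDs from the schema instead of hard-coding them; the ObjectType
# field of an object-specific ACE refers to these GUIDs.
function Get-SchemaGuid([string]$ldapDisplayName) {
    $o = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$ldapDisplayName)" -Properties schemaIDGUID
    [guid]$o.schemaIDGUID
}
$dmsaClassGuid = Get-SchemaGuid 'msDS-DelegatedManagedServiceAccount'
$linkAttrGuid  = Get-SchemaGuid 'msDS-ManagedAccountPrecededByLink'

$Expected = @(
    'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
    "$($domain.NetBIOSName)\Domain Admins", "$($domain.NetBIOSName)\Enterprise Admins"
)
$Findings = [System.Collections.Generic.List[object]]::new()

# True when an Allow ACE grants every bit of $right. GenericAll includes CreateChild
# and WriteProperty, so it is caught by the same test.
function Test-Right($ace, [System.DirectoryServices.ActiveDirectoryRights]$right) {
    ($ace.AccessControlType -eq 'Allow') -and (($ace.ActiveDirectoryRights -band $right) -eq $right)
}

# Exposure precondition: only a Windows Server 2025 DC issues tickets for dMSAs.
$dc2025 = Get-ADDomainController -Filter * | Where-Object { $_.OperatingSystem -like 'Windows Server 2025*' }
if (-not $dc2025) { Write-Warning 'No Windows Server 2025 domain controller found; the dMSA path is not usable yet, but the findings below still matter for future DC upgrades.' }

# Path 1: CreateChild on an OU or container (for all classes, or specifically for the
# dMSA class) lets the principal create a new dMSA there.
$containers = Get-ADObject -LDAPFilter '(|(objectClass=organizationalUnit)(objectClass=container))' -Properties nTSecurityDescriptor
foreach ($c in $containers) {
    foreach ($ace in $c.nTSecurityDescriptor.Access) {
        $who = $ace.IdentityReference.Value
        if ($Expected -contains $who) { continue }
        $anyClass = $ace.ObjectType -eq [guid]::Empty
        if ((Test-Right $ace CreateChild) -and ($anyClass -or $ace.ObjectType -eq $dmsaClassGuid)) {
            $Findings.Add([pscustomobject]@{ Path = 'CreateChild (can create dMSA)'; Object = $c.DistinguishedName
                                             Principal = $who; Inherited = $ace.IsInherited })
        }
    }
}

# Path 2: write access to msDS-ManagedAccountPrecededByLink on an existing dMSA lets
# the principal point it at any account; WriteDacl/WriteOwner let them grant
# themselves that right.
$dmsas = Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' -Properties nTSecurityDescriptor
foreach ($d in $dmsas) {
    foreach ($ace in $d.nTSecurityDescriptor.Access) {
        $who = $ace.IdentityReference.Value
        if ($Expected -contains $who) { continue }
        $anyAttr  = $ace.ObjectType -eq [guid]::Empty
        $writeLnk = (Test-Right $ace WriteProperty) -and ($anyAttr -or $ace.ObjectType -eq $linkAttrGuid)
        $takeover = (Test-Right $ace WriteDacl) -or (Test-Right $ace WriteOwner)
        if ($writeLnk -or $takeover) {
            $kind = if ($writeLnk) { 'Write msDS-ManagedAccountPrecededByLink' } else { 'WriteDacl/WriteOwner on dMSA' }
            $Findings.Add([pscustomobject]@{ Path = $kind; Object = $d.DistinguishedName
                                             Principal = $who; Inherited = $ace.IsInherited })
        }
    }
}

$Findings | Sort-Object Path, Object, Principal | Format-Table -AutoSize
```

Inherited ACEs are reported too, because a CreateChild grant at the domain root flows down to every OU and is the most common way an ordinary helpdesk or provisioning account ends up able to create a dMSA. Each finding that is not an intentional delegation should be removed, or at least scoped to the specific object classes and attributes the principal needs.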

Tags: Fix · LPE

Weakness Enumeration: Relative Path Traversal

Related Identifiers: BDU:2025-09690, CVE-2025-53779

Affected Products: Windows, Windows Kerberos