PT-2025-32855
Yug0Rd
Published 2025-08-12 · Updated 2025-10-16
CVE-2025-53779
CVSS v2.0: 9.0 High | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Windows Kerberos versions prior to August 2025 Patch Tuesday
Description
A relative path traversal vulnerability in Windows Kerberos allows an authorized attacker to elevate privileges over a network. This vulnerability, also known as “BadSuccessor” (CVE-2025-53779), involves the abuse of delegated Managed Service Accounts (dMSAs) in Windows Server 2025 and can grant an attacker domain administrator rights. The vulnerability was actively exploited in the wild prior to the release of a patch. While the patch closes the direct privilege escalation path, the underlying technique may persist, so defenders should treat it as a tactic, technique, and procedure (TTP) to monitor for. Approximately 0.7% of Active Directory domains are estimated to be affected.
Recommendations
Update your Windows Server 2025 domain controllers to the August 2025 Patch Tuesday update.
Review permissions on Organizational Units (OUs), containers, and dMSA objects; tighten delegations and remove broad rights so that only Tier 0 administrators can create or modify dMSAs and their migration link attributes.
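One way to carry out the permission review above, as an added example that is not part of this advisory or of any vendor tooling: the script walks every OU and container in the domain and reports principals outside an assumed Tier 0 set that can create dMSA objects (CreateChild scoped to the dMSA class or to all classes) or that hold rights letting them grant that ability (GenericAll, WriteDacl, WriteOwner). It assumes the RSAT ActiveDirectory module, a domain-joined session that can read ACLs, and the $tier0 list, which is a placeholder to replace with your own.

```powershell
# Added example, not from the advisory: find non-Tier-0 principals able to create dMSAs
# in OUs/containers, or able to rewrite the ACL so they could grant themselves that right.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Resolve the dMSA object class GUID from the schema rather than hard-coding it.
$dmsaClass = Get-ADObject -SearchBase $schemaNC -Properties schemaIDGUID `
    -LDAPFilter '(lDAPDisplayName=msDS-DelegatedManagedServiceAccount)'
$dmsaGuid = [guid]$dmsaClass.schemaIDGUID
$anyGuid  = [guid]::Empty   # an ACE with an empty ObjectType applies to all object classes

# Assumed Tier 0 holders (placeholder list; extend it to match your environment).
$tier0 = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           "$($domain.NetBIOSName)\Domain Admins", "$($domain.NetBIOSName)\Enterprise Admins")

$R = [System.DirectoryServices.ActiveDirectoryRights]
$containers = Get-ADObject -SearchBase $domain.DistinguishedName `
    -LDAPFilter '(|(objectClass=organizationalUnit)(objectClass=container))'

$findings = foreach ($obj in $containers) {
    $acl = Get-Acl -Path ("AD:\" + $obj.DistinguishedName)
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = $ace.ActiveDirectoryRights
        # CreateChild scoped to the dMSA class, or to all classes, lets the principal create a dMSA;
        # GenericAll / WriteDacl / WriteOwner let it grant itself that right later.
        $createsDmsa = $rights.HasFlag($R::CreateChild) -and
                       ($ace.ObjectType -eq $dmsaGuid -or $ace.ObjectType -eq $anyGuid)
        $controls    = $rights.HasFlag($R::GenericAll) -or $rights.HasFlag($R::WriteDacl) -or
                       $rights.HasFlag($R::WriteOwner)
        if (-not ($createsDmsa -or $controls)) { continue }
        $who = $ace.IdentityReference.Value
        if ($tier0 -contains $who) { continue }   # expected holders are filtered out
        [pscustomobject]@{
            Container = $obj.DistinguishedName
            Principal = $who
            Rights    = $rights.ToString()
            Scope     = if ($ace.ObjectType -eq $dmsaGuid) { 'dMSA class' } else { 'all classes' }
            Inherited = $ace.IsInherited
        }
    }
}

# Each row is a delegation to review; an empty result means only the Tier 0 set holds these rights.
$findings | Sort-Object Container, Principal | Format-Table -AutoSize
```

Inherited rows point at a parent container whose ACL is the real place to tighten; the same loop can be pointed at dMSA objects themselves to review WriteProperty on their migration link attributes.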
Fix
LPE
RCE
Relative Path Traversal