
CVE-2025-53779

Windows Kerberos Zero-Day (BadSuccessor)

Overview

CVE-2025-53779 is a zero-day privilege escalation vulnerability in Windows Kerberos, stemming from a relative path traversal issue. It was publicly disclosed and patched by Microsoft in August 2025.

This vulnerability is notable for enabling full Active Directory (AD) domain compromise via the BadSuccessor attack.

Technical Details

Exploitation

BadSuccessor can only be exploited in a domain that has at least one domain controller running Windows Server 2025. Successful exploitation results in domain compromise, potentially giving the attacker control over all domain-joined systems.

The vulnerability is particularly dangerous in hybrid environments and can be used to escalate privileges from a standard domain user to domain admin.

Affected Systems

Patch Information

Microsoft released security updates for this vulnerability as part of the August 2025 Patch Tuesday. Users and administrators are strongly advised to apply the update immediately, especially in AD environments.

For systems that cannot be patched, Microsoft recommends restricting domain controller roles and monitoring for suspicious Kerberos activity.

Mitigation

References