CVE-2025-53779: Windows Kerberos Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.2)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Publicly Disclosed

Yes

Patch Tuesday

2025-Aug

Released

2025-08-12

EPSS Score

0.51% (percentile: 66.4%)

Description

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

FAQ

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? To successfully exploit this vulnerability, an attacker would need to have elevated access to certain attributes of the dMSA, specifically: msds-groupMSAMembership: This attribute allows the user to utilize the dMSA. msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (2)

Windows

• Windows Server 2025 (Server Core installation)
• Windows Server 2025

Security Updates (2)

• 5063878
• 5064010

Acknowledgments

<a href="https://x.com/yug0rd">Yuval Gordon</a> with Akamai

Revision History

• 2025-08-12: Information published.