CVE-2025-53779
Windows Kerberos Elevation of Privilege Vulnerability
Description
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
INFO
Published Date :
Aug. 12, 2025, 6:15 p.m.
Last Modified :
Aug. 18, 2025, 3:22 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Apply the latest Windows security updates.
- Verify Kerberos service configurations.
- Monitor network access logs.
Public PoC/Exploit Available at Github
CVE-2025-53779 has a 5 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-53779.
| URL | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779 | Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-53779 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-53779
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Automating the BadSuccessor attack
PowerShell
Reflective loaded version of the Rubeus PR that enables dMSA
PowerShell
PowerShell Script to automatically abuse the BadSuccessor vulnerability (CVE-2025-53779)
PowerShell
A research-focused archive of publicly disclosed Windows zero-day vulnerabilities. This project summarizes CVEs, disclosure timelines, vendor advisories, and defensive mitigations. ⚠️ No exploit code included — educational and defensive use only.
cve cybersecurity infosec security-research threat-intelligence vulnerabilities windows zero-day
HTML
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-53779 vulnerability anywhere in the article.
-
Help Net Security
September 2025 Patch Tuesday forecast: The CVE matrix
We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws tha ... Read more
-
CrowdStrike.com
August 2025 Patch Tuesday: One Publicly Disclosed Zero-Day and 13 Critical Vulnerabilities Among 107 CVEs
Microsoft has addressed 107 vulnerabilities in its August 2025 security update release. This month's patches include fixes for one publicly disclosed zero-day vulnerability and 13 Critical vulnerabili ... Read more
-
Daily CyberSecurity
BadSuccessor (CVE-2025-53779) Technique Persists Despite Microsoft Patch
At DEF CON 2025, Akamai security researcher Yuval Gordon revealed the story of BadSuccessor (CVE-2025-53779), an Active Directory (AD) vulnerability in Windows Server 2025’s delegated Managed Service ... Read more
-
Daily CyberSecurity
MystRodX: A Stealthy New Backdoor Found Hiding in Networks for Over 20 Months
XLab has identified a previously unknown and stealthy backdoor dubbed MystRodX, capable of operating undetected in compromised environments for extended periods. Initially mistaken for the well-known ... Read more
-
CybersecurityNews
BadSuccessor Post-Patch: Leveraging dMSAs for Credential Acquisition and Lateral Movement in Active Directory
Microsoft’s recent patch for the BadSuccessor vulnerability (CVE-2025-53779) has successfully closed the direct privilege escalation path, but security researchers warn that the underlying technique r ... Read more
-
CybersecurityNews
Cisco Nexus 3000 and 9000 Series Vulnerability Let Attackers Trigger DoS Attack
Cisco has issued a High-severity security advisory alerting customers to a critical vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of NX-OS Software for Cisco Nexus 30 ... Read more
-
Help Net Security
Week in review: 2 threat actors exploiting WinRAR 0-day, Microsoft fixes “BadSuccessor” Kerberos flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) The RomCom attackers aren’t the onl ... Read more
-
CybersecurityNews
Canada’s House of Commons Hit by Cyberattack Exploiting Recent Microsoft vulnerability
A cyberattack hit the Canadian House of Commons on August 9, 2025, when threat actors exploited a recently disclosed Microsoft vulnerability to gain unauthorized access to sensitive employee informati ... Read more
-
Help Net Security
Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)
For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal flaw in Windows Kerberos (C ... Read more
-
The Hacker News
Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of ... Read more
-
Daily CyberSecurity
Microsoft’s August Patch Tuesday: Zero-Day Kerberos Flaw Threatens Domain Admins
Microsoft’s August 2025 Patch Tuesday brings security updates for 119 vulnerabilities, including 13 rated Critical and 91 Important. The release addresses flaws across key Windows components, Microsof ... Read more
-
TheCyberThrone
Microsoft Patch Tuesday August 2025
August 13, 2025Microsoft’s August 2025 Patch Tuesday brought critical security updates for 107 vulnerabilities across its products. Below is an enhanced, note-rich breakdown, with real-world exploitat ... Read more
-
The Register
Microsoft's Patch Tuesday baker's dozen: 12 critical bugs plus a SharePoint RCE
Microsoft’s August Patch Tuesday flaw-fixing festival addresses 111 problems in its products, a dozen of which are deemed critical, and one moderate-severity flaw that is listed as being publicly know ... Read more
-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Patch Tuesday: Microsoft Fixes 107 Vulnerabilities, Including 13 RCE Flaws
Microsoft’s August Patch Tuesday fixes 107 vulnerabilities, including 13 critical RCE flaws, impacting Windows, Office, Azure, and more, urging fast updates. Microsoft delivered patches for 107 vulner ... Read more
-
krebsonsecurity.com
Microsoft Patch Tuesday, August 2025 Edition
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, mean ... Read more
-
CybersecurityNews
Microsoft Releases Windows 11 Cumulative Updates (KB5063878, KB5063875) August 2025 with New Features
Microsoft has released the Windows 11 August 2025 Cumulative Updates, KB5063878 for version 24H2 and KB5063875 for versions 22H2 and 23H2, delivering critical stability fixes and new features released ... Read more
-
BleepingComputer
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Today is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos.This Patch Tuesday also fixes ... Read more
-
CybersecurityNews
Microsoft Patch Tuesday August 2025 Released – 107 Vulnerabilities Fixed Including 36 RCE
Microsoft released its August Patch Tuesday security updates, addressing a total of 107 vulnerabilities across its product ecosystem. The update includes fixes for 90 vulnerabilities, classified as fo ... Read more
The following table lists the changes that have been made to the
CVE-2025-53779 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Aug. 18, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.4851 Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779 Types: Vendor Advisory -
New CVE Received by [email protected]
Aug. 12, 2025
Action Type Old Value New Value Added Description Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Added CVSS V3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-23 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779