Microsoft has addressed the “BadSuccessor” Kerberos vulnerability identified as CVE-2025-53779.
In August 2025, Microsoft released security updates addressing over 100 vulnerabilities across its products, including a significant relative path traversal flaw in Windows Kerberos (CVE-2025-53779). The vulnerability, identified by Akamai researcher Yuval Gordon, allows an authorised attacker to elevate privileges over a network as part of a BadSuccessor attack. It abuses the delegated Managed Service Account (dMSA) feature introduced in Windows Server 2025 and can potentially compromise any user in Active Directory (AD); Microsoft confirmed that an attacker who successfully exploits it could gain domain administrator privileges. Although the flaw has been known for several months, there is currently no evidence of exploitation in the wild. Microsoft rates exploitation as “less likely” and therefore does not classify the security update as critical for urgent deployment.
In light of the previous zero-day vulnerabilities, including CVE-2025-53770 and CVE-2025-53771, Microsoft has also patched another critical deserialization bug, CVE-2025-49712. This remote code execution (RCE) vulnerability requires authentication, but it becomes dangerous when combined with known authentication bypasses: attackers could chain it with the prior vulnerabilities to achieve full server compromise and data exfiltration. Although it has not yet been exploited, the urgency to patch is heightened, especially for exposed SharePoint instances, which are prime targets for lateral movement. Additionally, two Microsoft Office RCE vulnerabilities, CVE-2025-53731 and CVE-2025-53740, have been flagged as important to address promptly because they allow code execution through the Preview Pane. Given the ongoing issues, experts suggest temporarily disabling the Preview Pane while Microsoft addresses these vulnerabilities.