SB2025052835 - Privilege escalation in dMSA in Microsoft Windows Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025052835

SB2025052835 - Privilege escalation in dMSA in Microsoft Windows Server

Published: May 28, 2025

Security Bulletin ID SB2025052835
Severity
Medium
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: N/A)

The vulnerability allows a remote user to escalate privileges within Active Directory.

The vulnerability exists due to improperly imposed security restrictions in Managed Service Accounts (dMSAs). A domain user with CreateChild permission can gain administrative privileges within Active Directory.

The vulnerability was dubbed BadSuccessor.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References