CVE-2025-53779

Published Aug 12, 2025

Last updated 11 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-53779 is a relative path traversal vulnerability affecting Windows Kerberos. It allows an authorized attacker to elevate privileges over a network. The vulnerability arises because the software constructs a pathname from external input without properly neutralizing sequences like ".." that could resolve to locations outside of the intended restricted directory.

Description
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-23

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

19

  1. ⚠️ BadSuccessor Post-Patch: Leveraging dMSAs for Credential Acquisition and Lateral Movement in Active Directory Read more: https://t.co/VUuXWEzTUS Microsoft’s recent patch for the BadSuccessor vulnerability (CVE-2025-53779) has successfully closed the direct privilege h

    @The_Cyber_News

    29 Aug 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. BadSuccessor is dead… or is it? The patch for CVE-2025-53779 fixed the priv-esc. While no longer a vulnerability, the tactic still applies in certain scenarios. Defenders should be aware of it. Details: https://t.co/bPtqlAfcGT

    @YuG0rd

    27 Aug 2025

    3666 Impressions

    26 Retweets

    73 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

  3. BadSuccessor is dead… or is it? 👀 It's more than a bug, it's a technique. Microsoft patched CVE-2025-53779, but analysis by @YuG0rd shows that while the patch closed the door, an attacker can get in through the keyhole in some scenarios. Read more: https://t.co/SnpzyGF0

    @akamai_research

    27 Aug 2025

    5919 Impressions

    22 Retweets

    79 Likes

    45 Bookmarks

    3 Replies

    0 Quotes

  4. ⚖️ PATCH ALERT: Microsoft Fixes 100+ Flaws 🛡️💻 • Critical threats: 🔑 CVE-2025-53779 → Kerberos “BadSuccessor” path traversal 📩 CVE-2025-53786 → Exchange hybrid privilege escalation ➕ NTLM & GDI+/Word RCEs • Impact: Windows domains, hybrid Ex

    @Newtalics

    26 Aug 2025

    140 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Microsoft 2025-08 monthly update: 107 vulnerabilities addressed, including one zero-day https://t.co/bJZlvT9xnL This month's Patch Tuesday fixed 107 vulnerabilities, but the zero-day to note is the Windows Kerberos zero-d

    @iototsecnews

    25 Aug 2025

    108 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Microsoft August 2025 Patch Tuesday: 🔧 107 flaws fixed 💣 Zero-day in Windows Kerberos (CVE-2025-53779) ⚠️ Could give attackers Domain Admin rights! ✅ Update immediately. #CyberSecurity #PatchTuesday #ZeroDay #Microsoft #Prismatecs https://t.co/6f5FChsPnD

    @Prismatecs

    23 Aug 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) https://t.co/qjVkGbnVEG https://t.co/rxRVKZHq0s

    @Trej0Jass

    22 Aug 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) https://t.co/a3GMfQJYoF https://t.co/lGcvBPMsih

    @Trej0Jass

    19 Aug 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ■ CVE-2025-53779 - Windows Kerberos Elevation of Privilege Vulnerability → Release: 2025-08-12 → Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

    @CTI131

    15 Aug 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. ⚠️ Kerberos CVE – BadSuccessor (CVE-2025-53779) From zero to Domain Admin in one misstep… 🎯 Threat: Abuse of dMSA in Windows Server 2025 → Priv Esc 💥 Impact: Full domain compromise via Kerberos/dMSA misconfig 🛠 Action: Install Aug 2025 updates Audit dMSA

    @Newtalics

    15 Aug 2025

    16 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Microsoft fixes 107 vulnerabilities in its August 2025 regular patch release - many serious bugs, including a CVSS 9.8 RCE (CVE-2025-53779) #セキュリティ対策Lab #セキュリティ #Security https://t.co/0AEE5PWjOh

    @securityLab_jp

    14 Aug 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🛡 #Microsoft Patch Tuesday: 111 vulnerabilities fixed. ⚠ Zero-day in #Windows Kerberos (CVE-2025-53779) ⚠ Critical flaw in hybrid #Exchange (CVE-2025-53786) 💡 Update immediately and protect your network. #Ciberseguridad #Compunet https://t.co/aHmaz9dSWf

    @CompunetChile

    14 Aug 2025

    51 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Microsoft has addressed the “BadSuccessor” Kerberos vulnerability identified as CVE-2025-53779. https://t.co/sPpdPc01xS

    @DemolisherDigi

    14 Aug 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Urgent Alert: A Zero-Day Elevation of Privilege vulnerability (CVE-2025-53779) is actively being exploited! Patch your systems immediately to prevent unauthorized access. 🛡️ #Cybersecurity #ZeroDay #PatchTuesday https://t.co/97Apz3doQz

    @CyberWolfGuard

    13 Aug 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Microsoft Patch Tuesday (Aug 2025) drops 107 fixes — including a critical zero-day (CVE-2025-53779) under active attack targeting Windows Kerberos. Is your system protected? Details & tips 👉 https://t.co/pw8lAKGKxO #Cybersecurity #WindowsUpdate #YobitechCybersecu

    @Yobitech_Cyber

    13 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) https://t.co/Uf5z2Nik6D https://t.co/LrPSC30CjW

    @EAlexStark

    13 Aug 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779) https://t.co/cT7fNNuXNY #HelpNetSecurity #Cybersecurity https://t.co/A5PdPfW6Vm

    @PoseidonTPA

    13 Aug 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) https://t.co/2ijJJPhV11 https://t.co/mICW86L7Fi

    @Trej0Jass

    13 Aug 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) https://t.co/wcfV4oyOI3 https://t.co/7ADw41ixLM

    @secured_cyber

    13 Aug 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. https://t.co/LcsAYRbm2Y Patch Tuesday (Aug 12, 2025): Microsoft fixes 111 flaws, incl. Kerberos zero-day CVE-2025-53779 “BadSuccessor”. 16 Critical, 92 Important. RCE & Priv-Esc heavy. Patch DCs & high-risk systems. #CyberSecurity #ZeroDay #Microsoft #Kerberos

    @AnomalousBytes

    13 Aug 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

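  21. ⚠️ Fortinet SSL-VPNs in multiple countries, including Japan, targeted by brute-force attacks; FortiManager targeted immediately afterward 🔨 Microsoft fixes 107 vulnerabilities in its August 2025 monthly patch release (CVE-2025-53779, CVE-2025-49707 and others) 〜サイバーア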

    @MachinaRecord

    13 Aug 2025

    106 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Today is patch day for all sorts of things ◆Microsoft https://t.co/Jf74J8t5YZ 0-day→CVE-2025-53779 - Windows Kerberos elevation of privilege vulnerability ◆SAP https://t.co/5ho0PLfqSs ◆Ivanti https://t.co/h7DYJM6cD3 ◆Forti https://t.co/6r2t9U8Kcd ◆Adobe https://t.co/GIqST60POq

    @taku888infinity

    12 Aug 2025

    240 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  23. The #August2025 Patch Tuesday update addressed 111 vulnerabilities, including fixes for a zero-day vulnerability in Windows Kerberos (CVE-2025-53779). Read details: https://t.co/p8ouxhNcib #NEWS #Updates #TechNews #tech #Windows11 #windows10 #Microsoft #patchtuesday #technology

    @windows_cult

    12 Aug 2025

    122 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779) https://t.co/U7v5rvjguE https://t.co/3PPkXCfIw4

    @ggrubamn

    12 Aug 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Today's Patch Tuesday overview: ▪️ Microsoft has addressed 107 vulnerabilities, one zero-day with PoC (CVE-2025-53779), 13 critical ▪️ Third-party: actively exploited vulnerabilities in Google C

    @Action1corp

    12 Aug 2025

    135 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.