CVE-2025-53779: Windows Kerberos Elevation of Privilege Vulnerability
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
To successfully exploit this vulnerability, an attacker would need to have elevated access to certain attributes of the dMSA, specifically:
- msds-groupMSAMembership: This attribute allows the user to utilize the dMSA.
- msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of.
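As an added detection example (not part of the original advisory), the sketch below scans Security event 5136 ("a directory service object was modified") records for writes to the two attributes above on dMSA objects. It reports each msDS-ManagedAccountPrecededByLink write made by an account outside an approved list. Assumptions: directory service change auditing is enabled on the dMSA objects, events are exported as JSON lines keyed by the 5136 EventData field names, and the sample events, account names and `approved_admins` list are constructed for illustration.

```python
import json
from collections import defaultdict

LINK_ATTR = "msds-managedaccountprecededbylink"
MEMBERSHIP_ATTR = "msds-groupmsamembership"
DMSA_CLASS = "msds-delegatedmanagedserviceaccount"
VALUE_ADDED = "%%14674"  # OperationType "Value Added" in event 5136

# Constructed sample events (not real logs), one JSON object per line.
SAMPLE_EVENTS = """
{"EventID": 5136, "TimeCreated": "2025-08-13T09:14:02Z", "SubjectUserName": "svc-deploy", "ObjectDN": "CN=dmsa-web,OU=Svc,DC=example,DC=test", "ObjectClass": "msDS-DelegatedManagedServiceAccount", "AttributeLDAPDisplayName": "msDS-GroupMSAMembership", "AttributeValue": "<binary>", "OperationType": "%%14674"}
{"EventID": 5136, "TimeCreated": "2025-08-13T09:14:40Z", "SubjectUserName": "svc-deploy", "ObjectDN": "CN=dmsa-web,OU=Svc,DC=example,DC=test", "ObjectClass": "msDS-DelegatedManagedServiceAccount", "AttributeLDAPDisplayName": "msDS-ManagedAccountPrecededByLink", "AttributeValue": "CN=Administrator,CN=Users,DC=example,DC=test", "OperationType": "%%14674"}
{"EventID": 5136, "TimeCreated": "2025-08-13T10:02:11Z", "SubjectUserName": "adm-migrate", "ObjectDN": "CN=dmsa-sql,OU=Svc,DC=example,DC=test", "ObjectClass": "msDS-DelegatedManagedServiceAccount", "AttributeLDAPDisplayName": "msDS-ManagedAccountPrecededByLink", "AttributeValue": "CN=svc-sql,OU=Svc,DC=example,DC=test", "OperationType": "%%14674"}
{"EventID": 5136, "TimeCreated": "2025-08-13T10:30:00Z", "SubjectUserName": "helpdesk1", "ObjectDN": "CN=dmsa-web,OU=Svc,DC=example,DC=test", "ObjectClass": "msDS-DelegatedManagedServiceAccount", "AttributeLDAPDisplayName": "description", "AttributeValue": "web tier", "OperationType": "%%14674"}
"""

def find_dmsa_attribute_writes(lines, approved_admins=()):
    """Return one finding per PrecededByLink write on a dMSA by a non-approved account."""
    approved = {a.lower() for a in approved_admins}
    touched = defaultdict(set)  # (subject, dMSA DN) -> watched attributes written
    link_writes = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        attr = ev.get("AttributeLDAPDisplayName", "").lower()
        if (str(ev.get("EventID")) != "5136"
                or ev.get("ObjectClass", "").lower() != DMSA_CLASS
                or ev.get("OperationType") != VALUE_ADDED
                or attr not in (LINK_ATTR, MEMBERSHIP_ATTR)):
            continue
        key = (ev["SubjectUserName"].lower(), ev["ObjectDN"].lower())
        touched[key].add(attr)
        if attr == LINK_ATTR:
            link_writes.append((key, ev))
    findings = []
    for key, ev in link_writes:
        if key[0] in approved:
            continue  # expected migration work by a designated admin
        findings.append({
            "time": ev["TimeCreated"],
            "subject": ev["SubjectUserName"],
            "dmsa": ev["ObjectDN"],
            "linked_account": ev["AttributeValue"],
            # Same account also changed who may use this dMSA: review first.
            "also_changed_membership": MEMBERSHIP_ATTR in touched[key],
        })
    return findings
```
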