Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
May 22, 2025
Cybersecurity / Vulnerability
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). "The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement," Akamai security researcher Yuval Gordon said in a report shared with The Hacker News. "This issue likely affects most organizations that rely on AD. In 91% of the environments we examined, we found users outside the domain admins group that had the required permissions to perform this attack." What makes the attack pathway notable is that it leverages a new feature called Delegated Managed Service Accounts ( dMSA ) that allows migration from an existing legacy service account. It was introduced in Windows Server 2025 as a mitigation to Kerberoasting attacks. The attack technique has been codenamed BadSuccessor by the w...
