Privilege escalation in dMSA in Microsoft Windows Server



Risk Medium
Patch available NO
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-264
Exploitation vector Local network
Public exploit N/A
Vulnerable software
 Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU109907

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges within Active Directory.

The vulnerability exists due to improperly imposed security restrictions in Managed Service Accounts (dMSAs). A domain user with CreateChild permission can gain administrative privileges within Active Directory.

The vulnerability was dubbed BadSuccessor.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Windows Server: 2025 10.0.26100.1742 - 2025 10.0.26100.4061

CPE2.3 External links

https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###