BadSuccessor
BadSuccessor is a privilege escalation vulnerability discovered in Windows Server 2025 that allows attackers to act with the privileges of any user in Active Directory, without modifying the target object.
It abuses the delegated Managed Service Account (dMSA) feature introduced in Windows Server 2025 and works in the default configuration, making it a high-impact, low-complexity attack vector. In 91% of the environments we examined, non-admin users had the required permissions to perform the attack.
While Microsoft has acknowledged the issue and will address it in the future, no patch is currently available.