Semperis researchers have identified a significant design flaw in Windows Server 2025, known as 'Golden dMSA', which affects delegated Managed Service Accounts (dMSAs) and poses a risk of undetected attacks. The flaw allows attackers to gain persistent access to these accounts, which facilitates cross-domain lateral movement and the compromise of resources within Active Directory. It is rooted in a cryptographic issue: the ManagedPasswordId structure is predictable, and because it has a limited number of possible combinations it can be brute-forced. To help address this threat, a tool called GoldenDMSA has been developed that simulates the attack's logic for security professionals. Semperis recommends that organizations using Windows Server 2025 proactively assess their managed service accounts and identity infrastructure to mitigate the risks associated with this vulnerability.