CVE-2025-33073 gives any domain user SYSTEM on unpatched hosts. See how unconstrained delegation turns one hop into full domain compromise.
