CVE-2025-60710

Summary

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.7462affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.7462affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.7462affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.7462affected

Weaknesses

  • CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References