CVE-2025-60710

Published Nov 11, 2025

Last updated 19 hours ago

Windows Tasks

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-60710 is an elevation-of-privilege vulnerability affecting the Host Process for Windows Tasks. The vulnerability stems from improper link resolution before file access, also known as a "link following" issue. An authorized attacker with local access could exploit this vulnerability to gain elevated privileges. Specifically, a low-privileged user could manipulate file system reparse points (like symbolic links) to cause the Host Process for Windows Tasks to operate on attacker-controlled file system targets, potentially achieving SYSTEM-level effects. A patch has been released by Microsoft for Windows 11 versions 2H2 and 25H2.

Description: Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Source: secure@microsoft.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-59

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 36

References