CVE-2025-60710
Published Nov 11, 2025
Last updated 11 days ago
- Description
- Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_11_24h2, windows_11_25h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Link Following Vulnerability
- Exploit added on
- Apr 13, 2026
- Exploit action due
- Apr 27, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-59
- Hype score
- Not currently trending
【Windows Task HostのCVE-2025-60710は“侵入後”に効くKEV案件】 CVE-2025-60710は、Windows Task Hostにあるlink followingの問題で、認証済みの攻撃者がローカル権限昇格できる脆弱性です。すでにCISA KEV入りしており、単なる
@01ra66it
18 Apr 2026
355 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-60710: Windows Task Host Link Following Bug - What It Means for Your Business and How to Respond https://t.co/UPsHtQJT8u
@integ_sec
17 Apr 2026
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers exploiting CVE-2025-60710 to gain SYSTEM privileges on Windows hosts, then pivoting laterally across networks. The privilege escalation involves improper link resolution in Windows Task Host, enabling low-complexity local attacks. Runtime segmentation
@aviatrixtrc
16 Apr 2026
104 Impressions
0 Retweets
4 Likes
0 Bookmarks
5 Replies
0 Quotes
NEW THREAT INTEL: CVE-2025-60710 Windows Task Host LPE -- CISA KEV confirms active exploitation of taskhostw.exe symlink abuse for SYSTEM privesc. 9 detections, 14 IOCs. https://t.co/0fFeBFjhjn #ThreatIntel #CyberSecurity #Windows #PrivEsc https://t.co/asnPj28078
@threadlinqs
15 Apr 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW THREAT INTEL: CVE-2025-60710 Windows taskhostw.exe Privilege Escalation -- Junction point abuse in Recall task escalates to SYSTEM. 9 detections, 14 IOCs. https://t.co/0fFeBFjhjn #ThreatIntel #CyberSecurity #Windows #PrivEsc https://t.co/lmCbt95PmG
@threadlinqs
15 Apr 2026
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-60710: CISA alerta para falha crítica no Windows com acesso total ao sistema https://t.co/TM35Mweugm
@SempreUpdate
15 Apr 2026
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts U.S. agencies of a Windows Task Host vulnerability (CVE-2025-60710) allowing local privilege escalation to SYSTEM. Patch released in Nov 2025 for Windows 11 & Server 2025. #WindowsUpdate #PrivilegeEscalation #USA https://t.co/RCVlgkDrHv
@TweetThreatNews
15 Apr 2026
208 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-60710 mitigation script EoP vulnerability in Host Process for Windows Tasks -- https://t.co/iMicepNARW
@AndreGironda
15 Apr 2026
134 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-60710 #Microsoft #Windows Link Following Vulnerability https://t.co/2U7lpYAl0f
@ScyScan
13 Apr 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2025-60710: Vulnerabilidad de Escalada de Privilegios en Microsoft Windows Análisis técnico de la CVE-2025-60710, una vulnerabilidad de seguimiento de enlaces en Windows que permite escalada de privilegios. Impacto, mitigaciones y reco https://t.co/kJCOz0sqRf
@CiberPlanetaOrg
13 Apr 2026
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability https://t.co/BVoUWbvc1w https://t.co/TCVwtQwDFr
@rahsi_aaka
12 Jan 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability https://t.co/tLO0ale6R2 #SecQube #cybersecurity
@SecQube
15 Dec 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025-11-12 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― GitHub - Wh04m1001/CVE-2025-60710 https://t.co/e4rgSezGd3 https://t.co/gUpeJNQzxr
@motikan2010
13 Nov 2025
184 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
GitHub - Wh04m1001/CVE-2025-60710 https://t.co/HDpcTJdyID
@akaclandestine
12 Nov 2025
996 Impressions
4 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
Yesterday microsoft published advisory for CVE-2025-60710 and this is PoC for that LPE https://t.co/fZ9QrNZLjy
@filip_dragovic
12 Nov 2025
28993 Impressions
78 Retweets
268 Likes
169 Bookmarks
5 Replies
1 Quote
CVE-2025-60710 Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. https://t.co/fMa4YmcGRe
@CVEnew
11 Nov 2025
178 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCD2A6E-7CD0-4FCC-AC11-5A1470776C24",
"versionEndExcluding": "10.0.26100.7392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA08CDD-D682-403D-8B50-879EB4D88C67",
"versionEndExcluding": "10.0.26200.7392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35BBEADA-D039-479B-A1BA-B2A7E37235BE",
"versionEndExcluding": "10.0.26100.7392",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]