CVE-2025-60710

Published Nov 11, 2025

Last updated a month ago

Exploit known
CVSS high 7.8
Windows Tasks
Zero-day
IoT
Server

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-60710 is an elevation-of-privilege vulnerability affecting the Host Process for Windows Tasks. The vulnerability stems from improper link resolution before file access, also known as a "link following" issue. An authorized attacker with local access could exploit this vulnerability to gain elevated privileges. Specifically, a low-privileged user could manipulate file system reparse points (such as symbolic links) so that the Host Process for Windows Tasks operates on attacker-controlled file system targets, potentially achieving SYSTEM-level effects. Microsoft has released a patch for Windows 11 versions 24H2 and 25H2.

Description
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_11_24h2, windows_11_25h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Link Following Vulnerability
Exploit added on
Apr 13, 2026
Exploit action due
Apr 27, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-59

Social media

Hype score
Not currently trending
  1. CISA added CVE-2025-60710 to KEV: a link-following bug in Windows. Local user points a privileged process at a symlink or junction they control — non-admin to SYSTEM. Federal patch deadline is April 27. https://t.co/mOY0o9kMad

    @TechTranslators

    25 Apr 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

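  2. [CVE-2025-60710 in Windows Task Host is a KEV item that matters "post-intrusion"] CVE-2025-60710 is a link following issue in Windows Task Host, a vulnerability that allows an authenticated attacker to escalate privileges locally. It has already been added to CISA KEV, and a mere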

    @01ra66it

    18 Apr 2026

    355 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. CVE-2025-60710: Windows Task Host Link Following Bug - What It Means for Your Business and How to Respond https://t.co/UPsHtQJT8u

    @integ_sec

    17 Apr 2026

    162 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. TRC analysis shows attackers exploiting CVE-2025-60710 to gain SYSTEM privileges on Windows hosts, then pivoting laterally across networks. The privilege escalation involves improper link resolution in Windows Task Host, enabling low-complexity local attacks. Runtime segmentation

    @aviatrixtrc

    16 Apr 2026

    104 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    5 Replies

    0 Quotes

  5. NEW THREAT INTEL: CVE-2025-60710 Windows Task Host LPE -- CISA KEV confirms active exploitation of taskhostw.exe symlink abuse for SYSTEM privesc. 9 detections, 14 IOCs. https://t.co/0fFeBFjhjn #ThreatIntel #CyberSecurity #Windows #PrivEsc https://t.co/asnPj28078

    @threadlinqs

    15 Apr 2026

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. NEW THREAT INTEL: CVE-2025-60710 Windows taskhostw.exe Privilege Escalation -- Junction point abuse in Recall task escalates to SYSTEM. 9 detections, 14 IOCs. https://t.co/0fFeBFjhjn #ThreatIntel #CyberSecurity #Windows #PrivEsc https://t.co/lmCbt95PmG

    @threadlinqs

    15 Apr 2026

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-60710: CISA warns of critical Windows flaw with full system access https://t.co/TM35Mweugm

    @SempreUpdate

    15 Apr 2026

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CISA alerts U.S. agencies of a Windows Task Host vulnerability (CVE-2025-60710) allowing local privilege escalation to SYSTEM. Patch released in Nov 2025 for Windows 11 & Server 2025. #WindowsUpdate #PrivilegeEscalation #USA https://t.co/RCVlgkDrHv

    @TweetThreatNews

    15 Apr 2026

    208 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-60710 mitigation script EoP vulnerability in Host Process for Windows Tasks -- https://t.co/iMicepNARW

    @AndreGironda

    15 Apr 2026

    134 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-60710 #Microsoft #Windows Link Following Vulnerability https://t.co/2U7lpYAl0f

    @ScyScan

    13 Apr 2026

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🛡️ CVE-2025-60710: Privilege Escalation Vulnerability in Microsoft Windows. Technical analysis of CVE-2025-60710, a link following vulnerability in Windows that allows privilege escalation. Impact, mitigations and reco https://t.co/kJCOz0sqRf

    @CiberPlanetaOrg

    13 Apr 2026

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability https://t.co/BVoUWbvc1w https://t.co/TCVwtQwDFr

    @rahsi_aaka

    12 Jan 2026

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability https://t.co/tLO0ale6R2 #SecQube #cybersecurity

    @SecQube

    15 Dec 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Here were the popular articles for 2025-11-12. (Automated tweet) #Hacker_Trends ――― GitHub - Wh04m1001/CVE-2025-60710 https://t.co/e4rgSezGd3 https://t.co/gUpeJNQzxr

    @motikan2010

    13 Nov 2025

    184 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. GitHub - Wh04m1001/CVE-2025-60710 https://t.co/HDpcTJdyID

    @akaclandestine

    12 Nov 2025

    996 Impressions

    4 Retweets

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  16. Yesterday Microsoft published an advisory for CVE-2025-60710 and this is a PoC for that LPE https://t.co/fZ9QrNZLjy

    @filip_dragovic

    12 Nov 2025

    28993 Impressions

    78 Retweets

    268 Likes

    169 Bookmarks

    5 Replies

    1 Quote

  17. CVE-2025-60710 Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. https://t.co/fMa4YmcGRe

    @CVEnew

    11 Nov 2025

    178 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations