AI description
CVE-2025-60710 is an elevation-of-privilege vulnerability affecting the Host Process for Windows Tasks. The vulnerability stems from improper link resolution before file access, also known as a "link following" issue. An authorized attacker with local access could exploit this vulnerability to gain elevated privileges. Specifically, a low-privileged user could manipulate file system reparse points (like symbolic links) to cause the Host Process for Windows Tasks to operate on attacker-controlled file system targets, potentially achieving SYSTEM-level effects. A patch has been released by Microsoft for Windows 11 versions 2H2 and 25H2.
- Description
- Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Modified
- Products
- windows_11_25h2
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-59
- Hype score
- Not currently trending
CVE-2025-60710 | Host Process for Windows Tasks Elevation of Privilege Vulnerability https://t.co/BVoUWbvc1w https://t.co/TCVwtQwDFr
@rahsi_aaka
12 Jan 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability https://t.co/tLO0ale6R2 #SecQube #cybersecurity
@SecQube
15 Dec 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025-11-12 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― GitHub - Wh04m1001/CVE-2025-60710 https://t.co/e4rgSezGd3 https://t.co/gUpeJNQzxr
@motikan2010
13 Nov 2025
184 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
GitHub - Wh04m1001/CVE-2025-60710 https://t.co/HDpcTJdyID
@akaclandestine
12 Nov 2025
996 Impressions
4 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
Yesterday microsoft published advisory for CVE-2025-60710 and this is PoC for that LPE https://t.co/fZ9QrNZLjy
@filip_dragovic
12 Nov 2025
28993 Impressions
78 Retweets
268 Likes
169 Bookmarks
5 Replies
1 Quote
CVE-2025-60710 Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. https://t.co/fMa4YmcGRe
@CVEnew
11 Nov 2025
178 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A547AA3-FC6B-46D9-8D22-995C3CA33140",
"versionEndExcluding": "10.0.26200.7092"
}
],
"operator": "OR"
}
]
}
]