CVE-2025-60718

Published Nov 11, 2025

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-60718 is an untrusted search path vulnerability found in Windows Administrator Protection. It enables an authorized attacker to elevate their privileges locally on a vulnerable system. Successful exploitation of CVE-2025-60718 allows an attacker to gain elevated privileges, potentially enabling them to execute commands with higher system access levels. Microsoft released security patches as part of the November 2025 Patch Tuesday updates to address this vulnerability.

Description: Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_11_24h2, windows_11_25h2

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-426

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4345F25E-DF90-4CB2-B310-F82E08502815",
            "versionEndExcluding": "10.0.26100.7092"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A547AA3-FC6B-46D9-8D22-995C3CA33140",
            "versionEndExcluding": "10.0.26200.7092"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.