AI description
Automated description summarized from trusted sources.
CVE-2025-60718 is an untrusted search path vulnerability found in Windows Administrator Protection. It enables an authorized attacker to elevate their privileges locally on a vulnerable system. Successful exploitation of CVE-2025-60718 allows an attacker to gain elevated privileges, potentially enabling them to execute commands with higher system access levels. Microsoft released security patches as part of the November 2025 Patch Tuesday updates to address this vulnerability.
- Description
- Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_11_24h2, windows_11_25h2
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-426
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4345F25E-DF90-4CB2-B310-F82E08502815",
"versionEndExcluding": "10.0.26100.7092"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A547AA3-FC6B-46D9-8D22-995C3CA33140",
"versionEndExcluding": "10.0.26200.7092"
}
],
"operator": "OR"
}
]
}
]