CVE-2025-60710
Published: 11 November 2025
Summary
CVE-2025-60710 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 4.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-60710 is an improper link resolution before file access vulnerability, also known as link following, that affects the Host Process for Windows Tasks on Windows systems. The flaw is tracked under CWE-59 and carries a CVSS 3.1 base score of 7.8, reflecting local attack vector, low complexity, and privileges required only at the authorized user level.
An attacker who already possesses a local account on an affected system can exploit the weakness to perform unauthorized file operations through crafted links, ultimately achieving elevation of privileges on the host.
Microsoft's advisory at msrc.microsoft.com provides official guidance and patches, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog. Third-party resources from Vicarius supply detection and mitigation scripts that practitioners can use to identify and remediate affected hosts.
The EPSS score rose from lower values after disclosure to a peak of 0.2987 on 2026-05-12 before receding to the current 0.1903, indicating increased exploitation interest following public release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-93436
Vulnerability details
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
- CWE(s)
- KEV Date Added
- 13 April 2026
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-60710 enables local privilege escalation via symlink manipulation in the Host Process for Windows Tasks, directly facilitating Exploitation for Privilege Escalation (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates identification, prioritization, and timely remediation of the improper link resolution flaw via Microsoft patches as urged by CISA.
Prevents unauthorized file access and privilege escalation through shared system resources like symbolic links manipulated by local attackers.
Enforces least privilege on the Host Process for Windows Tasks and user accounts to limit the scope and impact of symlink-based elevation.