Elevation of Privilege Vulnerability in Windows Kerberos by Microsoft
CVE-2025-60704

7.5 HIGH

Key Information:

Badges

👾 Exploit Exists, 📰 News Worthy

What is CVE-2025-60704?

A missing cryptographic step in Windows Kerberos allows unauthorized attackers to potentially elevate their privileges on the network. This vulnerability poses a serious risk as it could be exploited by attackers to gain access to sensitive resources and perform unauthorized actions within a system.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8594

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8027

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6575

News Articles

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Microsoft fixes 63 flaws, including an exploited Windows Kernel zero-day and a critical RCE bug.

2 days ago

Patch Now: Microsoft Flags Zero-Day & Zero-Click Bugs

Security teams may have a less burdensome rollout in November after October's Goliath Patch Tuesday, but shouldn't wait on priority fixes.

3 days ago

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by Dark Reading

  • Vulnerability published

  • Vulnerability Reserved
