Improper Access Control in Windows Client-Side Caching Service by Microsoft
CVE-2025-60705

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
11 November 2025

What is CVE-2025-60705?

A flaw in the Windows Client-Side Caching (CSC) Service exposes the system to an improper access control scenario, enabling an authorized attacker to gain elevated privileges locally. This vulnerability can potentially allow malicious actors to exploit permissions and perform unauthorized actions, compromising system integrity and security.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8594

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8027

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6575

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-60705 : Improper Access Control in Windows Client-Side Caching Service by Microsoft