Privilege Elevation Vulnerability in Host Process for Windows Tasks by Microsoft
CVE-2025-60710
Key Information:
- Vendor: Microsoft
- CVE Published: 11 November 2025
What is CVE-2025-60710?
CVE-2025-60710 is a vulnerability found in the Host Process for Windows Tasks, developed by Microsoft. This process plays a crucial role in managing various background tasks and operations on Windows systems. The vulnerability arises from improper link resolution prior to file access, which is a flaw often referred to as 'link following.' If exploited, this vulnerability allows an authorized attacker to elevate their privileges locally. This means that an attacker with certain levels of system access could potentially gain higher-level permissions, enabling them to execute unauthorized actions within the system. Such a privilege elevation can undermine the integrity of the organization's security, permitting access to sensitive data or the ability to alter system configurations without appropriate authorization.
Potential impact of CVE-2025-60710
- Unauthorized Access and Control: The ability to elevate privileges can enable a malicious actor to gain unauthorized control over sensitive parts of the system, potentially leading to data breaches or leaks of confidential information.
- System Integrity Compromise: With elevated privileges, an attacker can modify system settings or applications, which may disrupt normal operations, create vulnerabilities for further attacks, or install malicious software.
- Increased Attack Surface: This vulnerability can serve as a gateway for attackers, making systems more susceptible to additional exploits or ransomware attacks, thereby jeopardizing the overall cybersecurity posture of the organization.
CISA has reported CVE-2025-60710
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-60710 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)
Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.7462
Windows 11 Version 25H2 10.0.26200.0 < 10.0.26200.7462
Windows Server 2025 (Server Core installation) x64-based Systems 10.0.26100.0 < 10.0.26100.7462
News Articles
CISA flags Windows Task Host vulnerability as exploited in attacks
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges.
2 weeks ago
EPSS Score
20% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- First article discovered by BleepingComputer
- Exploit known to exist
- CISA Reported
- Vulnerability started trending
- Vulnerability published
- Vulnerability Reserved