Privilege Elevation Vulnerability in Host Process for Windows Tasks by Microsoft
CVE-2025-60710
Key Information:
- Vendor: Microsoft
- Status
- Vendor
- CVE Published: 11 November 2025
What is CVE-2025-60710?
CVE-2025-60710 is a vulnerability found in the Host Process for Windows Tasks, developed by Microsoft. This process plays a crucial role in managing various background tasks and operations on Windows systems. The vulnerability arises from improper link resolution prior to file access, which is a flaw often referred to as 'link following.' If exploited, this vulnerability allows an authorized attacker to elevate their privileges locally. This means that an attacker with certain levels of system access could potentially gain higher-level permissions, enabling them to execute unauthorized actions within the system. Such a privilege elevation can undermine the integrity of the organization's security, permitting access to sensitive data or the ability to alter system configurations without appropriate authorization.
Potential impact of CVE-2025-60710
- Unauthorized Access and Control: The ability to elevate privileges can enable a malicious actor to gain unauthorized control over sensitive parts of the system, potentially leading to data breaches or leaks of confidential information.
- System Integrity Compromise: With elevated privileges, an attacker can modify system settings or applications, which may disrupt normal operations, create vulnerabilities for further attacks, or install malicious software.
- Increased Attack Surface: This vulnerability can serve as a gateway for attackers, making systems more susceptible to additional exploits or ransomware attacks, thereby jeopardizing the overall cybersecurity posture of the organization.
Affected Version(s)
Windows 11 Version 25H2 Unknown 10.0.26200.0 < 10.0.26200.7171