CVE-2025-60710

HIGH

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 11/11/2025Modified: 4/14/2026

Related Intelligence (2)

LOWVulnerability

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

<p>CISA has added seven new vulnerabilities to its <a href="/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.or

CVE-2012-1854CVE-2020-9715

Apr 13, 2026CISA Advisories

HIGHVulnerability

CISA KEV: Microsoft Windows — Microsoft Windows Link Following Vulnerability

Microsoft Windows contains a link following vulnerability that allows for privilege escalation

CVE-2025-60710Microsoft Windows

Apr 13, 2026CISA KEV

References (4)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710Vendor Advisory https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasksThird Party Advisory https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasksMitigationThird Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710US Government Resource