CVE-2025-60710
Host Process for Windows Tasks Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.2%
EPSS Percentile
41th
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
| Vendor | microsoft |
| Product | windows 11 version 24h2 |
| Ecosystems | |
| Industries | TechnologyEnterprise |
| Published | Nov 11, 2025 |
| Last Updated | Apr 14, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for microsoft windows 11 version 24h2
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-60710.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Microsoft / Windows 11 Version 24H2
10.0.26100.0 < 10.0.26100.7462
Microsoft / Windows 11 Version 25H2
10.0.26200.0 < 10.0.26200.7462
Microsoft / Windows Server 2025
10.0.26100.0 < 10.0.26100.7462
Microsoft / Windows Server 2025 (Server Core installation)
10.0.26100.0 < 10.0.26100.7462
References
msrc.microsoft.com: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710 vicarius.io: https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks vicarius.io: https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks