ByteOS Network

NVD Vulnerability Details :

CVE-2025-60710

Analyzed

Source-secure@microsoft.com

View Known Exploited Vulnerability (KEV) details

Published At-11 Nov, 2025 | 18:15

Updated At-14 Apr, 2026 | 14:44

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2026-04-13	2026-04-27	Microsoft Windows Link Following Vulnerability	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2026-04-13

Due Date: 2026-04-27

Vulnerability Name: Microsoft Windows Link Following Vulnerability

Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Microsoft Corporation

>>windows_11_24h2>>Versions before 10.0.26100.7392(exclusive)

cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_11_25h2>>Versions before 10.0.26200.7392(exclusive)

cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2025>>Versions before 10.0.26100.7392(exclusive)

cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-59	Secondary	secure@microsoft.com

CWE ID: CWE-59

Type: Secondary

Source: secure@microsoft.com

References

Hyperlink	Source	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710	secure@microsoft.com	Vendor Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks	af854a3a-2127-422b-91ae-364da2661108	Mitigation Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710	134c704f-9b21-4f2e-91b3-4a467353bcc0	US Government Resource

Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710

Source: secure@microsoft.com

Resource:

Vendor Advisory

Hyperlink: https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mitigation

Third Party Advisory

Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

US Government Resource

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History