CVE-2025-60710 - Vulnerability Details

- Host Process for Windows Tasks Elevation of Privilege Vulnerability

Description

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Published: 2025-11-11

Score: 7.8 High

EPSS: 29.9% Moderate

KEV: Yes

Impact:

Action:

Analysis

Impact

Host Process for Windows Tasks contains an improper link resolution before file access error, enabling an attacker who can run a local user context to acquire higher privileges through the host process. The flaw represents a classic path traversal weakness (CWE‑59) where a manipulated file path is followed to a system resource. If exploited, the attacker can execute operations with system level rights, compromising the confidentiality, integrity, and availability of the affected machine.

Affected Systems

The vulnerability affects Microsoft Windows 11 versions 24H2 and 25H2, as well as the forthcoming Windows Server 2025 and its Server Core installation. The affected component is the host process that manages scheduled tasks.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity, and the EPSS score of 30% suggests a moderately high likelihood of exploitation. The vulnerability is listed in the CISA KEV catalog, confirming known exploitation activity. Local privileged users could trigger the flaw with little reconnaissance, making the attack vector likely to be local.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Microsoft

Windows 11 Version 24H2

affected

Version	Status	Constraints
`10.0.26100.0`	affected	< 10.0.26100.7462

Microsoft

Windows 11 Version 25H2

affected

Version	Status	Constraints
`10.0.26200.0`	affected	< 10.0.26200.7462

Microsoft

Windows Server 2025

affected

Version	Status	Constraints
`10.0.26100.0`	affected	< 10.0.26100.7462

Microsoft

Windows Server 2025 (Server Core installation)

affected

Version	Status	Constraints
`10.0.26100.0`	affected	< 10.0.26100.7462

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_11_24h2::::::::
	cpe:2.3:o:microsoft:windows_11_25h2::::::::
	cpe:2.3:o:microsoft:windows_server_2025::::::::

No data.

Vendor	Product	Confidence	Versions
Microsoft	Windows	—	—
Microsoft	Windows 11	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply Microsoft security updates that contain the fix for CVE‑2025‑60710
Verify that the system runs one of the affected Windows 11 or Windows Server 2025 releases before applying the patch
If an update is not immediately available, apply the published mitigation scripts to restrict link resolution or adjust host process permissions

Generated by OpenCVE AI on May 7, 2026 at 14:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since April 13, 2026.

The EPSS score is 0.29871.

Exploitation active

Automatable no

Technical Impact total

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710
https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks
https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks

History

Tue, 14 Apr 2026 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft windows 11 24h2
CPEs		cpe:2.3:o:microsoft:windows_11_24h2::::::::
Vendors & Products		Microsoft windows 11 24h2

Mon, 13 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-60710
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 13 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2026-04-13T00:00:00+00:00', 'dueDate': '2026-04-27T00:00:00+00:00'}`

Tue, 16 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/cve-2025-60710-detection-script-eop-vulnerability-in-host-process-for-windows-tasks https://www.vicarius.io/vsociety/posts/cve-2025-60710-mitigation-script-eop-vulnerability-in-host-process-for-windows-tasks

Thu, 11 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 09 Dec 2025 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft windows 11 24h2 Microsoft windows Server 2025
CPEs		cpe:2.3:o:microsoft:windows_11_24H2:::::::arm64:* cpe:2.3:o:microsoft:windows_server_2025::::::::
Vendors & Products		Microsoft windows 11 24h2 Microsoft windows Server 2025

Tue, 18 Nov 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft windows 11 25h2
CPEs		cpe:2.3:o:microsoft:windows_11_25H2:::::::arm64:*
Vendors & Products		Microsoft windows 11 25h2

Mon, 17 Nov 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft windows 11 25h2
CPEs		cpe:2.3:o:microsoft:windows_11_25h2::::::::
Vendors & Products		Microsoft windows 11 25h2

Wed, 12 Nov 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Microsoft windows 11
Vendors & Products		Microsoft Microsoft windows Microsoft windows 11

Tue, 11 Nov 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description		Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Title		Host Process for Windows Tasks Elevation of Privilege Vulnerability
Weaknesses		CWE-59
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}`

Subscriptions

Microsoft Windows Windows 11 Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows Server 2025

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-11-11T17:59:25.479Z

Updated: 2026-04-14T03:55:25.244Z

Reserved: 2025-09-26T05:03:24.536Z

Link: CVE-2025-60710

Vulnrichment

Updated: 2025-12-16T17:21:13.750Z

NVD

Status : Analyzed

Published: 2025-11-11T18:15:39.073

Modified: 2026-04-14T14:44:19.867

Link: CVE-2025-60710

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T14:45:26Z

Weaknesses

CWE-59

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object