Description
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Published: 2025-11-11
Score: 7.8 High
EPSS: 4.6% Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the Host Process for Windows Tasks exposes an improper link resolution before file access, also known as link following. This flaw permits an attacker with local user privileges to craft a path that the host process incorrectly resolves and opens, enabling the escalation of programmatic privileges. The weakness is identified as CWE‑59 and allows the execution of operations with system-level rights, exposing the confidentiality, integrity, and availability of the affected system to compromise.

Affected Systems

Microsoft Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025 and its Server Core installation are impacted. The host process that manages scheduled tasks is the component that requires remediation.

Risk and Exploitability

The CVSS score of 7.8 marks this as high severity, while the EPSS score of 5% indicates a relatively low probability of exploitation under current conditions. Because the flaw requires local user context, the attack vector is most likely local. The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, confirming that exploitation is already occurring in the wild. Given the combination of high severity and verified exploitation, organizations should treat this as a priority for remediation.

Generated by OpenCVE AI on June 18, 2026 at 06:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update for CVE‑2025‑60710, which is available via Windows Update or the Microsoft Security Response Center update guide.
  • Run the Vicarius detection script to identify systems that have not yet received the patch and confirm whether the Host Process for Windows Tasks component is vulnerable.
  • Until the patch is applied, execute the Vicarius mitigation script to block the vulnerable link resolution path, providing a temporary workaround while the official fix is deployed.

Generated by OpenCVE AI on June 18, 2026 at 06:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 24h2
CPEs cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft windows 11 24h2

Mon, 13 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-13T00:00:00+00:00', 'dueDate': '2026-04-27T00:00:00+00:00'}


Tue, 16 Dec 2025 18:30:00 +0000


Thu, 11 Dec 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Dec 2025 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 24h2
Microsoft windows Server 2025
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft windows 11 24h2
Microsoft windows Server 2025

Tue, 18 Nov 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 25h2
CPEs cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
Vendors & Products Microsoft windows 11 25h2

Mon, 17 Nov 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 25h2
CPEs cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft windows 11 25h2

Wed, 12 Nov 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
Microsoft windows 11
Vendors & Products Microsoft
Microsoft windows
Microsoft windows 11

Tue, 11 Nov 2025 18:15:00 +0000

Type Values Removed Values Added
Description Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Title Host Process for Windows Tasks Elevation of Privilege Vulnerability
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


Subscriptions

Microsoft Windows Windows 11 Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows Server 2025
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-14T03:55:25.244Z

Reserved: 2025-09-26T05:03:24.536Z

Link: CVE-2025-60710

cve-icon Vulnrichment

Updated: 2025-12-16T17:21:13.750Z

cve-icon NVD

Status : Analyzed

Published: 2025-11-11T18:15:39.073

Modified: 2026-06-17T09:50:01.133

Link: CVE-2025-60710

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T06:15:14Z

Weaknesses
  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')