7.8
CVE-2025-60710
- EPSS 29.87%
- Published 11.11.2025 18:15:39
- Last modified 14.04.2026 14:44:19
- Source secure@microsoft.com
Host Process for Windows Tasks Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
Data provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 11 24h2 Version < 10.0.26100.7392
Microsoft ≫ Windows 11 25h2 Version < 10.0.26200.7392
Microsoft ≫ Windows Server 2025 Version < 10.0.26100.7392
VulnDex Vulnerability Enrichment
13.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Microsoft Windows Link Following Vulnerability
- Description: Microsoft Windows contains a link following vulnerability that allows for privilege escalation.
- Required actions: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 29.87% | 0.967 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.