🟒 CVE-2025-60710

CVE-2025-60710 is a local privilege escalation vulnerability in the Host Process for Windows Tasks component affecting Windows 11 and Windows Server 2025. The vulnerability requires local authenticated access and exploits improper link resolution to elevate privileges.

← Back to Overview
LOW_RISK
Risk Level
7.8
CVSS Score
LOCAL
Attack Vector
Privilege Escalation
ATT&CK Tactic
T1068 β€” Exploitation for Privilege Escalation
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

πŸ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-11-11

Added to CISA KEV: 2026-04-13 153 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2025-60710 is a high-severity local privilege escalation vulnerability affecting Microsoft Windows, specifically involving the `\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration` scheduled task [1] [7].

Active Exploitation and Threat Actor Usage
  • Status: The vulnerability is confirmed to be actively exploited in the wild [5] [4].
  • CISA Involvement: The Cybersecurity and Infrastructure Security Agency (CISA) has flagged this flaw as being exploited in attacks [4].
  • Campaigns: While specific threat actor attribution is not detailed in public reports, its nature as a local privilege escalation (LPE) makes it a common target for attackers who have already gained initial access to a machine and wish to elevate their privileges to SYSTEM level [2].
Attack Method and Requirements
  • Method: The vulnerability is caused by "improper link resolution before file access" (a "link following" weakness) in the Host Process for Windows Tasks [3] [4].
  • Requirements:
* Access: It is a local vulnerability, meaning an attacker must already have authorized access to the system to execute the exploit [3] [2]. * User Interaction: Generally, LPE exploits of this nature do not require complex user interaction once the attacker has established a foothold.
Impact and Access
  • Impact: Successful exploitation allows an attacker to elevate their privileges to SYSTEM level [2].
  • Capabilities: It specifically enables arbitrary folder deletion with SYSTEM privileges, which can be leveraged to further compromise the system or bypass security controls [6].
Proof-of-Concept (PoC) Availability
  • Availability: Yes, a proof-of-concept exploit is publicly available on GitHub, specifically targeting the `\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration` scheduled task [1].
Affected Products and Patch Status
  • Affected Products: The vulnerability affects Windows 11 and Windows Server 2025 [4].
  • Patch Status: The vulnerability was patched by Microsoft approximately five months prior to April 2026 [5]. Users are strongly advised to ensure their systems are fully updated to the latest security patches.

Sources

  1. Microsoft Windows: CVE-2025-60710 - Rapid7 Vulnerability Database

    Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally ...

  2. redpack-kr/CVE-2025-60710 - GitHub

    CVE-2025-60710. This is PoC for local privilege escalation vulnerability in \Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration scheduled task. When this ... CVE-2025-60710 This is PoC for local privilege escalation vulnerability in \Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration schedul…

  3. CVE-2025-60710 Detail - NVD

    Description. Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate ...

  4. CISA flags Windows Task Host vulnerability as exploited in attacks

    Tracked as CVE-2025-60710, this Windows security flaw stems from a link following weakness affecting Windows 11 and Windows Server 2025 ...

  5. CVE-2025-60710 Windows Privilege Escalation Flaw Exploited

    A Windows privilege escalation flaw patched five months ago is now confirmed to be actively exploited. CVE-2025-60710 (CVSS .78) affects ...

  6. Wh04m1001/CVE-2025-60710 | DeepWiki

    CVE-2025-60710 is a local privilege escalation vulnerability in the Windows \Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration scheduled task that allows arbitrary folder deletion with SYSTEM privileges.

  7. CVE-2025-60710 | Microsoft Windows Vulnerability | UpGuard

    CVE-2025-60710 is a high-severity local privilege escalation vulnerability in Windows Task Scheduler being actively exploited in the wild.

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

πŸ“„ Download JSON Data | πŸ“‘ RSS Feed