CVE-2025-60710 is a vulnerability categorized under CWE-59 (Improper Link Resolution Before File Access, or 'Link Following') affecting Microsoft Windows Server 2025, specifically the Server Core installation version 10.0.26100.0. The flaw resides in the Host Process for Windows Tasks, which improperly resolves symbolic links or junction points before accessing files. This improper link resolution can be exploited by an authorized local attacker to escalate privileges by tricking the system into accessing or modifying files through malicious symbolic links. The vulnerability requires the attacker to have some level of local privileges (PR:L) but does not require user interaction (UI:N). The CVSS v3.1 base score is 7.8, indicating a high severity level, with impacts rated high on confidentiality, integrity, and availability. The attack vector is local, and the attack complexity is low, meaning an attacker with limited privileges can exploit this flaw to gain elevated privileges, potentially leading to full system compromise. No known public exploits or patches are currently available, but the vulnerability is publicly disclosed and assigned a CVE ID. This vulnerability is particularly relevant for environments running Windows Server 2025 in Server Core mode, which is commonly used in enterprise and cloud data centers for its minimal footprint and reduced attack surface. The improper link resolution issue could allow attackers to bypass security controls and gain unauthorized access to sensitive files or system components.

For European organizations, this vulnerability poses a significant risk, especially for those relying on Windows Server 2025 Server Core installations in critical infrastructure, financial services, healthcare, and government sectors. Successful exploitation could lead to privilege escalation, enabling attackers to execute arbitrary code with elevated rights, access sensitive data, disrupt services, or deploy ransomware. The high impact on confidentiality, integrity, and availability could result in data breaches, operational downtime, and regulatory non-compliance under GDPR and other data protection laws. Since the attack requires local access, insider threats or attackers who have already compromised lower-privileged accounts could leverage this vulnerability to deepen their foothold. The lack of available patches increases the window of exposure, emphasizing the need for proactive mitigation. Additionally, organizations using automated deployment or orchestration tools that rely on Server Core installations may face increased risk if these tools do not enforce strict access controls.

1. Enforce strict local access controls and limit administrative privileges to trusted personnel only, reducing the risk of local exploitation. 2. Implement robust monitoring and logging of file system activities, especially around symbolic link creation and modification, to detect suspicious behavior early. 3. Use application whitelisting and endpoint protection solutions that can detect and block attempts to exploit privilege escalation vulnerabilities. 4. Isolate critical servers running Windows Server 2025 Server Core from less trusted networks and users to minimize local access opportunities. 5. Prepare for rapid deployment of security patches by establishing a patch management process tailored for Server Core environments. 6. Conduct regular security audits and vulnerability assessments focusing on privilege escalation vectors and link resolution mechanisms. 7. Educate system administrators about the risks of symbolic link manipulation and the importance of secure file system configurations. 8. Consider deploying additional layers of security such as virtualization-based security or Windows Defender Credential Guard to mitigate privilege escalation impacts. 9. Restrict or monitor the use of scripting and automation tools that could be leveraged to exploit this vulnerability. 10. Engage with Microsoft support channels for updates and advisories related to this CVE.