CVE-2025-60710 is a vulnerability identified in Microsoft Windows 11 Version 24H2 (build 10.0.26100.0) that involves improper link resolution before file access, also known as 'link following'. This vulnerability is classified under CWE-59, which typically involves symbolic link (symlink) or junction point handling errors that allow an attacker to manipulate file system links to access or modify files they should not. Specifically, the flaw exists in the Host Process for Windows Tasks, a core system component responsible for managing scheduled and background tasks. Due to improper validation or resolution of symbolic links before accessing files, an authorized attacker with limited privileges can exploit this to escalate their privileges locally, gaining higher system rights than intended. The CVSS v3.1 base score is 7.8, reflecting a high severity with the following vector: Attack Vector: Local (L), Attack Complexity: Low (L), Privileges Required: Low (L), User Interaction: None (N), Scope: Unchanged (U), and high impact on Confidentiality, Integrity, and Availability (all High). The exploit does not require user interaction and can be performed by an attacker who already has some level of access, making it a significant risk for insider threats or compromised accounts. As of the published date, no known exploits in the wild have been reported, and no official patches have been linked, indicating the need for vigilance and proactive mitigation. The vulnerability could be leveraged to bypass security controls, install persistent malware, or disrupt system operations.

The impact of CVE-2025-60710 is substantial for organizations using Windows 11 Version 24H2. Successful exploitation allows an attacker with limited local privileges to escalate to higher privileges, potentially SYSTEM level, enabling full control over the affected system. This can lead to unauthorized access to sensitive data, modification or deletion of critical files, installation of persistent malware, and disruption of system availability. In enterprise environments, this could compromise domain-joined machines, enabling lateral movement and further network compromise. The lack of required user interaction and low complexity of attack increase the risk, especially in environments with multiple users or shared access systems. Organizations relying on Windows 11 for critical infrastructure, cloud services, or endpoint devices face increased risk of data breaches, operational disruption, and compliance violations if this vulnerability is exploited.

To mitigate CVE-2025-60710, organizations should immediately inventory and identify all systems running Windows 11 Version 24H2 build 10.0.26100.0. Until an official patch is released, apply the following specific mitigations: 1) Restrict local user permissions to the minimum necessary, especially limiting access to the Host Process for Windows Tasks and related directories to prevent unauthorized link creation or manipulation. 2) Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious activities related to symbolic link creation or file access anomalies. 3) Use Group Policy or security baselines to harden file system permissions and prevent unauthorized symbolic link usage. 4) Monitor event logs for unusual privilege escalation attempts or access to the Host Process for Windows Tasks. 5) Educate system administrators and users about the risks of local privilege escalation and enforce strict access controls on shared systems. 6) Once Microsoft releases a security update, prioritize testing and deployment of the patch across all affected systems. 7) Consider network segmentation and limiting administrative privileges to reduce the blast radius of potential exploitation.