CVE-2025-60718 is a vulnerability classified under CWE-426 (Untrusted Search Path) affecting Microsoft Windows 11 Version 24H2 (build 10.0.26100.0). The issue arises from the way Windows Administrator Protection handles the search path for executables or libraries, allowing an attacker with authorized local access to influence the search path and execute malicious code with elevated privileges. This vulnerability enables privilege escalation without requiring user interaction, making it a potent threat for local attackers who have limited privileges but seek to gain administrative control. The CVSS v3.1 base score is 7.8, reflecting high severity due to the combination of local attack vector, low attack complexity, required privileges, and significant impact on confidentiality, integrity, and availability. The vulnerability was reserved in late September 2025 and published in November 2025, with no known exploits publicly reported yet. The lack of patch links indicates that a fix may still be pending or in development. The core technical risk is that Windows may load malicious executables or DLLs from untrusted directories earlier in the search order than legitimate system files, enabling code execution with elevated rights. This can lead to full system compromise, data theft, or disruption of services.

The potential impact of CVE-2025-60718 is significant for organizations worldwide using Windows 11 Version 24H2. Successful exploitation allows attackers with local access to escalate privileges to administrative levels, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, installation of persistent malware, disruption of critical services, and lateral movement within networks. Since the vulnerability affects the core operating system's privilege model, it undermines the foundational security controls of affected systems. Organizations relying on Windows 11 24H2 in enterprise environments, especially those with many local users or shared workstations, face increased risk. The absence of required user interaction and the low complexity of exploitation make it easier for attackers to leverage this flaw once a working exploit is developed. Although no exploits are currently known in the wild, the high severity score and nature of the vulnerability suggest it could become a popular target for attackers aiming to gain administrative control on compromised machines.

1. Monitor official Microsoft channels closely for patches addressing CVE-2025-60718 and prioritize their deployment as soon as they become available. 2. Until patches are released, restrict local user privileges to the minimum necessary, avoiding granting administrative rights to standard users. 3. Implement application whitelisting and restrict execution of unauthorized binaries, especially in directories commonly targeted by untrusted search path attacks. 4. Harden system configurations by reviewing and securing environment variables such as PATH to prevent loading executables from untrusted locations. 5. Use endpoint detection and response (EDR) tools to monitor for unusual local privilege escalation attempts or suspicious process creation patterns. 6. Educate system administrators and users about the risks of running untrusted software and the importance of maintaining strict local access controls. 7. Regularly audit and clean up directories included in executable search paths to remove or quarantine suspicious files. 8. Employ least privilege principles and consider using Windows Defender Application Control (WDAC) or similar technologies to enforce trusted code execution policies.