CVE-2025-60718 is a vulnerability classified under CWE-426 (Untrusted Search Path) affecting Microsoft Windows 11 Version 24H2 (build 10.0.26100.0). The issue lies in the Windows Administrator Protection component, where the system improperly handles the search path for executables or DLLs. An authorized local attacker can exploit this by placing a malicious executable or library in a location that is searched before the legitimate one, causing Windows to load the attacker-controlled code with elevated privileges. This results in privilege escalation, allowing the attacker to gain higher system rights than originally granted. The CVSS v3.1 score is 7.8 (high), reflecting the vulnerability’s significant impact on confidentiality, integrity, and availability, combined with low attack complexity and no need for user interaction. Although no exploits are currently known in the wild, the vulnerability poses a serious risk to systems running this Windows version. The vulnerability was reserved in late September 2025 and published in November 2025, but no patches have been linked yet, indicating that mitigation may currently rely on workarounds or access control measures. The flaw is particularly dangerous because it can be exploited by any user with local access and some privileges, potentially leading to full system compromise.

For European organizations, this vulnerability presents a critical risk especially in environments where Windows 11 Version 24H2 is deployed widely. Privilege escalation can lead to unauthorized access to sensitive data, disruption of critical services, and potential lateral movement within networks. Sectors such as finance, healthcare, government, and critical infrastructure could face severe operational and reputational damage if exploited. The ability for an attacker to elevate privileges locally means that insider threats or attackers who have gained limited access could escalate their control, bypassing security controls and potentially deploying ransomware or data exfiltration tools. The lack of known exploits currently provides a window for proactive defense, but the high severity score underscores the urgency for mitigation. The impact on confidentiality, integrity, and availability is high, making this a significant threat to data protection and system reliability in European enterprises.

1. Monitor Microsoft’s security advisories closely and apply official patches immediately once released for Windows 11 Version 24H2. 2. Until patches are available, restrict local user permissions to the minimum necessary, avoiding granting administrative privileges unnecessarily. 3. Audit and harden executable search paths by ensuring that directories writable by non-administrative users are not included in system PATH environment variables or precede trusted directories. 4. Implement application whitelisting and code integrity policies (e.g., Windows Defender Application Control) to prevent unauthorized executables from running. 5. Use endpoint detection and response (EDR) tools to monitor for suspicious local privilege escalation attempts. 6. Educate system administrators and users about the risks of running untrusted code and the importance of least privilege principles. 7. Regularly review and update local group policies and security configurations to reduce attack surface related to local privilege escalation.