CVE-2025-60718 is a vulnerability classified under CWE-426 (Untrusted Search Path) affecting Microsoft Windows 11 Version 24H2 (build 10.0.26100.0). The issue arises from the way Windows Administrator Protection handles the search path for executables or DLLs, allowing an attacker with authorized local access to manipulate the search path to load malicious code. This can lead to privilege escalation, enabling the attacker to gain higher system privileges than originally granted. The vulnerability requires local access with some privileges (PR:L) but does not require user interaction (UI:N), making exploitation feasible in environments where attackers have foothold access. The CVSS v3.1 score is 7.8, reflecting high impact on confidentiality, integrity, and availability (all rated high), with low attack complexity and no need for user interaction. No public exploits are known yet, but the vulnerability's nature suggests it could be leveraged in targeted attacks or lateral movement scenarios. The lack of a patch link indicates that a fix is pending or in development. The vulnerability's exploitation could allow attackers to bypass security controls, execute arbitrary code with elevated privileges, and compromise entire systems.

For European organizations, the impact of CVE-2025-60718 is significant. Windows 11 is widely deployed across enterprises, government agencies, and critical infrastructure sectors in Europe. Successful exploitation could lead to full system compromise, data breaches, disruption of services, and loss of control over affected machines. This is particularly concerning for sectors such as finance, healthcare, energy, and public administration, where elevated privileges can facilitate lateral movement and persistent access. The vulnerability could also undermine trust in endpoint security and complicate incident response. Given the high confidentiality, integrity, and availability impacts, organizations face risks of data theft, ransomware deployment, and operational downtime. The requirement for local access limits remote exploitation but does not eliminate risk, especially in environments with weak internal controls or where attackers have already gained initial access.

Organizations should prepare to deploy official patches from Microsoft as soon as they become available. In the meantime, they should implement strict local user privilege management, ensuring users have only the minimum necessary rights. Employ application whitelisting and restrict execution of unauthorized binaries in directories that are part of the search path. Monitor systems for unusual local activity indicative of privilege escalation attempts, such as unexpected process launches or DLL loads. Use endpoint detection and response (EDR) tools to detect and block suspicious behavior. Regularly audit local accounts and remove or disable unnecessary privileged accounts. Educate IT staff about the risks of untrusted search paths and encourage vigilance in managing local system configurations. Network segmentation can also limit the spread of an attacker who gains elevated privileges on one machine.