
CVE-2025-60721: CWE-270: Privilege Context Switching Error in Microsoft Windows 11 Version 24H2

Severity: High
Published: Tue Nov 11 2025 (11/11/2025, 17:59:50 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 11 Version 24H2

Description

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/27/2026, 05:53:27 UTC

Technical Analysis

CVE-2025-60721 is a vulnerability classified under CWE-270, indicating a privilege context switching error in the Windows Administrator Protection mechanism of Microsoft Windows 11 Version 24H2 (build 10.0.26100.0). This flaw allows an authorized attacker with local access and limited privileges to escalate their privileges to higher levels without requiring user interaction. The vulnerability stems from improper handling of privilege context transitions, which can be exploited to bypass security controls designed to restrict administrative operations. The CVSS v3.1 base score is 7.8, reflecting high severity due to the combination of local attack vector, low attack complexity, low required privileges, and no user interaction. The impact encompasses full compromise of confidentiality, integrity, and availability of affected systems. Although no public exploits are known at this time, the vulnerability's nature makes it a significant risk for environments where local access is possible. The vulnerability was reserved in late September 2025 and published in November 2025, with no patches currently available, indicating a window of exposure. Organizations using Windows 11 24H2 should be vigilant and implement compensating controls until Microsoft releases an official fix.

Potential Impact

The vulnerability allows an attacker with authorized local access to escalate privileges, potentially gaining full administrative control over affected Windows 11 systems. This can lead to unauthorized access to sensitive data, installation of persistent malware, disruption of system availability, and complete compromise of system integrity. For enterprises, this elevates the risk of insider threats or attackers who have gained limited footholds through other means. Critical infrastructure, government, financial, and healthcare organizations are particularly at risk due to the potential for widespread impact and data breaches. The absence of a patch increases exposure time, and the ease of exploitation (low complexity, no user interaction) heightens the threat. The vulnerability could be leveraged in targeted attacks or combined with other exploits to deepen system compromise.

Mitigation Recommendations

Until an official patch is released, organizations should implement strict local access controls, ensuring only trusted users have physical or remote local access to Windows 11 24H2 systems. Employ the principle of least privilege rigorously, removing unnecessary administrative rights from users and service accounts. Enable and monitor Windows security auditing to detect unusual privilege escalation attempts. Use endpoint detection and response (EDR) tools to identify suspicious behavior indicative of privilege escalation. Consider isolating critical systems to reduce the attack surface and applying application whitelisting to prevent unauthorized code execution. Regularly update and review group policies to restrict administrative privilege delegation. Once Microsoft releases a patch, prioritize immediate deployment across all affected systems. Additionally, educate users about the risks of local access and enforce strong authentication mechanisms to limit unauthorized access.


Technical Details

Data Version: 5.2
Assigner Short Name: microsoft
Date Reserved: 2025-09-26T05:03:24.537Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69137c4a47ab3590319da0fd

Added to database: 11/11/2025, 6:11:22 PM

Last enriched: 2/27/2026, 5:53:27 AM

Last updated: 3/25/2026, 12:15:08 AM
