CVE-2025-60710

HIGH KEV

Host Process for Windows Tasks - Privilege Escalation

Exploitation Summary

CVE-2025-60710 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2026. EIP tracks 1 public exploit from researchers including redpack-kr.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2025-60710, leveraging Windows oplock mechanisms and file deletion techniques to achieve local privilege escalation (LPE). The code includes components for file oplock manipulation and a staged payload to escalate privileges to SYSTEM.

Description

Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Exploits (1)

nomisec WORKING POC 15 stars
by redpack-kr · local
https://github.com/redpack-kr/CVE-2025-60710

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (specific version not specified)
Auth required
Prerequisites: Local access to the target system · Ability to execute arbitrary code · Administrative or SYSTEM-level file deletion vulnerability
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.1903
EPSS Percentile 95.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-04-13
VulnCheck KEV 2026-04-13
ENISA EUVD EUVD-2025-93436
CWE CWE-59
Status published
Products (7)
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.7462
Microsoft/Windows 11 Version 25H2 10.0.26200.0 - 10.0.26200.7462
Microsoft/Windows Server 2025 10.0.26100.0 - 10.0.26100.7462
Microsoft/Windows Server 2025 (Server Core installation) 10.0.26100.0 - 10.0.26100.7462
microsoft/windows_11_24h2 < 10.0.26100.7392
microsoft/windows_11_25h2 < 10.0.26200.7092
microsoft/windows_server_2025 < 10.0.26100.7392
Published Nov 11, 2025
KEV Added Apr 13, 2026
Tracked Since Feb 18, 2026