Windows Task Host privilege escalation flaw (CVE-2025-60710) added to CISA's Known Exploited Vulnerabilities catalog
Summary
A Windows Task Host privilege escalation vulnerability (CVE-2025-60710) is being actively exploited by attackers to gain SYSTEM privileges on Windows 11 and Windows Server 2025 systems. The vulnerability, stemming from a link following weakness in the Host Process for Windows Tasks, allows local attackers with basic user permissions to escalate privileges through low-complexity attacks. Microsoft patched the flaw in November 2025, but exploitation has now been confirmed in the wild. CISA has required Federal Civilian Executive Branch agencies to remediate within two weeks under BOD 22-01.
Timeline
- 15.04.2026 17:51 · 1 article
CISA mandates remediation for Windows Task Host privilege escalation flaw (CVE-2025-60710) added to Known Exploited Vulnerabilities catalog
CISA added CVE-2025-60710 to its Known Exploited Vulnerabilities catalog on April 14, 2026, confirming active exploitation and requiring Federal Civilian Executive Branch agencies to remediate within 14 days per BOD 22-01. The flaw, affecting Windows 11 and Windows Server 2025, allows local attackers with basic permissions to escalate privileges to SYSTEM via a link following weakness in the Host Process for Windows Tasks.
Sources:
- CISA flags Windows Task Host vulnerability as exploited in attacks — www.bleepingcomputer.com — 15.04.2026 17:51
Information Snippets
- The vulnerability (CVE-2025-60710) affects Windows 11 and Windows Server 2025 systems and arises from a link following weakness in the Host Process for Windows Tasks.
First reported: 15.04.2026 17:51 · 1 source, 1 article
Sources:
- CISA flags Windows Task Host vulnerability as exploited in attacks — www.bleepingcomputer.com — 15.04.2026 17:51
- Exploitation grants SYSTEM privileges to attackers with basic user-level access, enabling full control of compromised devices through low-complexity methods.
First reported: 15.04.2026 17:51 · 1 source, 1 article
Sources:
- CISA flags Windows Task Host vulnerability as exploited in attacks — www.bleepingcomputer.com — 15.04.2026 17:51
- Microsoft patched CVE-2025-60710 in November 2025, but active exploitation is now confirmed by CISA's inclusion in the Known Exploited Vulnerabilities catalog.
First reported: 15.04.2026 17:51 · 1 source, 1 article
Sources:
- CISA flags Windows Task Host vulnerability as exploited in attacks — www.bleepingcomputer.com — 15.04.2026 17:51
- CISA added CVE-2025-60710 to its catalog on April 14, 2026, and requires Federal Civilian Executive Branch agencies to remediate within 14 days per BOD 22-01.
First reported: 15.04.2026 17:51 · 1 source, 1 article
Sources:
- CISA flags Windows Task Host vulnerability as exploited in attacks — www.bleepingcomputer.com — 15.04.2026 17:51