CISA Warns of Exploited Windows Task Host Vulnerability CVE-2025-60710

Severity: High (Score: 72.0)

Sources: Bleepingcomputer, cwe.mitre.org, msrc.microsoft.com

Summary

CISA has issued a warning to U.S. government agencies regarding a privilege escalation vulnerability in Windows Task Host, tracked as CVE-2025-60710. This vulnerability, affecting Windows 11 and Windows Server 2025, allows local attackers with basic user permissions to elevate their privileges to SYSTEM level. The flaw arises from a link following weakness and was patched by Microsoft in November 2025. CISA added this CVE to its catalog of actively exploited vulnerabilities on April 13, 2026, and has mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. Although details about specific attacks were not disclosed, CISA emphasized the urgency for all organizations, including those in the private sector, to apply the patch. This vulnerability represents a significant risk to federal enterprises and is a common attack vector for cyber actors. Microsoft has yet to confirm active exploitation in its security advisory.

Key Points:

  • CISA warns of active exploitation of CVE-2025-60710 in Windows Task Host.
  • Local attackers can exploit this vulnerability to gain SYSTEM privileges.
  • Federal agencies have two weeks to secure their systems against this threat.

Key Entities

  • Zero-day Exploit (attack_type)
  • CISA (company)
  • Microsoft (company)
  • CVE-2025-60710 (cve)
  • Government (industry)
  • T1053 - Scheduled Task/Job (mitre_attack)
  • Ivanti Endpoint Manager Mobile (platform)
  • Windows (platform)
  • Link Following (vulnerability)
  • Windows Task Host Vulnerability (vulnerability)