CISA KEV Alert 4/13/2026, 9:24:38 PM

CISA flags Windows link flaw CVE-2025-60710 as actively exploited

CyberSIXT evidence panel:
- Source: marked as original reporting
- Primary source: cisa.gov
- CISA KEV: listed in KEV
- Patch: patch available

CISA has added CVE-2025-60710, the Microsoft Windows Link Following Vulnerability, to its Known Exploited Vulnerabilities catalogue. The entry concerns Microsoft’s Windows operating system, which contains a link following flaw that permits privilege escalation.

The vulnerability is a local privilege escalation issue arising from improper handling of symbolic links or junction points. An attacker who already has low-privileged local access can manipulate these links so that a privileged component operates on a file it should not, gaining SYSTEM-level privileges and full control of the affected host. The flaw is rated CVSS 7.8 (High) and a patch is available from Microsoft via the MSRC update guide.
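As an added illustration of the link following class this entry describes (a constructed example written for this page, not code from CISA, Microsoft or CyberSIXT, and not the specific code path of CVE-2025-60710): a privileged component writes a file into a directory that a low-privileged user can also write to. If that filename has been replaced with a symbolic link, a naive open() follows the link and the write lands on a protected file. The hardened writer inspects the path without following it and opens with O_NOFOLLOW, so the kernel refuses a link even if one is swapped in between the check and the open. The demo uses POSIX symlinks; on Windows the analogous defence is opening with FILE_FLAG_OPEN_REPARSE_POINT and rejecting reparse points (junctions and symlinks), which this portable example only notes in comments.

```python
"""Link-following defence: refuse to write through a symbolic link.

Constructed example of the vulnerability class (not the CVE-2025-60710 code
path). All paths and contents are made up for the demonstration.
"""
import os
import stat
import tempfile


def write_report_unsafe(path: str, data: bytes) -> str:
    """Vulnerable pattern: open() resolves symlinks, so the write goes
    wherever the link points. Returns the real path that was written."""
    with open(path, "wb") as f:
        f.write(data)
    return os.path.realpath(path)


def write_report_safe(path: str, data: bytes) -> str:
    """Hardened pattern: check the final component without following it,
    then open with O_NOFOLLOW and re-verify on the descriptor (closes the
    check-then-open race). Raises PermissionError/OSError on a link."""
    try:
        st = os.lstat(path)          # lstat does NOT follow the link
    except FileNotFoundError:
        st = None
    if st is not None and stat.S_ISLNK(st.st_mode):
        raise PermissionError(f"refusing to follow symbolic link: {path}")
    # O_NOFOLLOW is POSIX; on Windows use FILE_FLAG_OPEN_REPARSE_POINT and
    # reject FILE_ATTRIBUTE_REPARSE_POINT (covers junctions as well).
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        fst = os.fstat(fd)
        if not stat.S_ISREG(fst.st_mode):
            raise PermissionError(f"not a regular file: {path}")
        if st is not None and (fst.st_ino, fst.st_dev) != (st.st_ino, st.st_dev):
            raise PermissionError(f"path changed between check and open: {path}")
        os.write(fd, data)
    finally:
        os.close(fd)
    return os.path.realpath(path)


def demo() -> dict:
    """Constructed scenario: 'protected/config.ini' stands in for a file the
    low-privileged user cannot write; 'spool/report.txt' is a symlink to it
    planted in a directory that user can write."""
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "protected", "config.ini")
        os.makedirs(os.path.dirname(victim))
        with open(victim, "wb") as f:
            f.write(b"original")
        spool = os.path.join(root, "spool")
        os.mkdir(spool)
        link = os.path.join(spool, "report.txt")
        os.symlink(victim, link)

        # Naive writer: the link is followed and the protected file is clobbered.
        unsafe_target = write_report_unsafe(link, b"overwritten")
        with open(victim, "rb") as f:
            victim_after_unsafe = f.read()

        # Restore and retry with the hardened writer: the link is refused.
        with open(victim, "wb") as f:
            f.write(b"original")
        try:
            write_report_safe(link, b"overwritten")
            safe_blocked = False
        except (PermissionError, OSError):
            safe_blocked = True
        with open(victim, "rb") as f:
            victim_after_safe = f.read()

        # The hardened writer still works on an ordinary file.
        real = os.path.join(spool, "real.txt")
        write_report_safe(real, b"ok")
        with open(real, "rb") as f:
            real_content = f.read()

    return {
        "unsafe_followed_link": unsafe_target == os.path.realpath(victim),
        "victim_after_unsafe": victim_after_unsafe,
        "safe_blocked": safe_blocked,
        "victim_after_safe": victim_after_safe,
        "real_file_content": real_content,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The lstat check alone leaves a window between the check and the open; O_NOFOLLOW (or the Windows reparse-point flag) is what actually closes it, and the fstat inode comparison catches a file swapped in through other means. The same pattern applies to any privileged operation on a path in a user-writable location: never let the file system resolve links on the privileged side's behalf.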

Active exploitation has been observed, which is why the CVE was placed in the KEV catalogue; there is currently no publicly known use in ransomware campaigns. CISA has set a remediation deadline of 26 April 2026 for Federal Civilian Executive Branch agencies to address the issue.

CISA’s required action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FCEB agencies must comply by the deadline; all other organisations are advised to review their Windows exposure and implement the vendor’s patch or mitigations as soon as possible.

For full technical details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-60710 and the CISA KEV catalogue.

Article by CyberSIXT