Vulnerability intelligence
CVE-2025-60710
Microsoft Windows Link Following Vulnerability
Microsoft Windows
Microsoft Windows contains a link following vulnerability that allows for privilege escalation
CVSS Score
7.8
High
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-27
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-27.
5 articles across 5 outlets · first covered Apr 13, 2026 · latest Apr 14, 2026
Coverage timeline
-
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilitieswww.securityweek.com · Apr 14, 2026
-
CISA Adds Critical Adobe, Microsoft, Fortinet Flaws to KEV Catalogsecurityaffairs.com · Apr 14, 2026
-
CISA adds six KEV flaws amid active Fortinet exploitsthehackernews.com · Apr 14, 2026
-
CISA flags Windows link flaw CVE-2025-60710 as actively exploitedwww.cisa.gov · Apr 13, 2026
-
CISA flags Windows link flaw CVE-2025-60710 as actively exploitedcisa.gov · Apr 13, 2026