COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-60710

CVE-2025-60710

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-13
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-60710
⌖ exploited in the wild shame 85/100 exploited-in-wildprivilege-escalationsupply-chain

Microsoft Windows is actively exploited for privilege escalation via CVE-2025-60710, a link-following flaw enabling unauthorized admin access.

This vulnerability allows attackers to escalate privileges by following malicious links, bypassing standard Windows security controls. DIB organizations must immediately patch all Windows systems to prevent unauthorized access to classified or sensitive data, as the flaw is already being weaponized in the wild.

Shame score — Active exploitation of a Windows privilege escalation flaw indicates a critical gap in vendor security posture and widespread compliance risk for defense contractors.

Players implicated

Microsoft · vendorwindows · product

Description

Microsoft Windows contains a link following vulnerability that allows for privilege escalation

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90