Exposures › CVE-2025-60710
Microsoft Windows is actively exploited for privilege escalation via CVE-2025-60710, a link-following flaw enabling unauthorized admin access.
This vulnerability allows attackers to escalate privileges by following malicious links, bypassing standard Windows security controls. DIB organizations must immediately patch all Windows systems to prevent unauthorized access to classified or sensitive data, as the flaw is already being weaponized in the wild.
Shame score — Active exploitation of a Windows privilege escalation flaw indicates a critical gap in vendor security posture and widespread compliance risk for defense contractors.
Microsoft Windows contains a link following vulnerability that allows for privilege escalation
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |