CVE-2025-60710: Windows Task Host Symlink Privilege Escalation — What It Is & How to Fix It

Executive Summary

CVE-2025-60710 is a high-severity local privilege escalation vulnerability in Windows' Host Process for Tasks (taskhostw.exe) caused by improper symbolic link resolution before file deletion. An authenticated low-privilege attacker can abuse this flaw to delete arbitrary folders as NT AUTHORITY\SYSTEM, which — chained with other techniques — enables full SYSTEM-level compromise. Although Microsoft patched this in November 2025, CISA added it to its Known Exploited Vulnerabilities (KEV) Catalog in April 2026 with a remediation deadline of April 27, 2026, confirming active in-the-wild exploitation against federal and enterprise targets.

---

1. What Is This Vulnerability?

CVE-2025-60710 is classified as a CWE-59: Improper Link Resolution Before File Access ("Link Following") vulnerability. It lives in taskhostw.exe — the Windows Task Host Process, a core component that executes scheduled tasks.

Root Cause

When a scheduled task triggers, taskhostw.exe performs the following internal logic:

1. Opens the path C:\Users\<username>\AppData\Local\CoreAIPlatform.00\UKP\
2. Searches that directory for subdirectories matching the pattern {????????-????-????-????-????????????} (a GUID-format name)
3. Deletes any matching subdirectory — without first verifying whether the path contains a symbolic link

Because standard user accounts have write access to their own %LOCALAPPDATA% directory, any authenticated user can:

1. Create the CoreAIPlatform.00\UKP\ path with a GUID-named subdirectory
2. Replace that subdirectory with a directory junction or symbolic link pointing to a privileged system folder
3. Wait for taskhostw.exe to run as SYSTEM and follow the symlink — deleting the targeted privileged directory

Attack Vector

This is a TOCTOU (Time-Of-Check-Time-Of-Use) class vulnerability combined with a link-following flaw. The attacker races to swap a legitimate directory for a symlink between the time the task host checks for the folder and the time it acts on it. With multiple public proof-of-concept tools (4 PoCs available on GitHub), exploiting this timing window has been reduced to a scripted operation requiring no special privileges beyond a local user session.

Attacker perspective:
1. Create:  C:\Users\attacker\AppData\Local\CoreAIPlatform.00\UKP\{GUID-CHOSEN}\
2. Race:    Replace dir with junction → C:\Windows\System32\<target folder>
3. Trigger: Scheduled task fires → taskhostw.exe (SYSTEM) deletes C:\Windows\System32\<target folder>
4. Chain:   Use the deletion to trigger DLL planting, service hijacking, or UAC bypass for full SYSTEM shell

Real-World Impact

CISA confirmed active exploitation as of April 2026, with threat actors using this vulnerability as a privilege escalation stepping stone in post-intrusion attack chains. It has been observed following initial access via phishing or web-facing exploitation, giving attackers SYSTEM control over Windows 11 workstations and Server 2025 hosts. Four public PoC repositories on GitHub (including Wh04m1001/CVE-2025-60710) have lowered the barrier to exploitation significantly, enabling even moderately skilled attackers to weaponize this flaw.

---

2. Who Is Affected?

Product	Affected Versions
Windows 11	Version 24H2 (all builds prior to November 2025 patch)
Windows 11	Version 25H2 (all builds prior to November 2025 patch)
Windows Server 2025	All builds prior to November 2025 patch

Not affected: Windows 10 (all versions), Windows Server 2022 and earlier — the vulnerable code path involving CoreAIPlatform.00\UKP was introduced alongside Windows 11 AI/Copilot-integrated builds.

High-risk environments:

• Multi-user Windows 11 workstations (shared corporate machines, VDI environments)
• Windows Server 2025 hosts where users have interactive logon rights
• Systems running older November 2025 patch levels due to deferred patching cycles
• Federal civilian executive branch (FCEB) agencies — CISA's BOD 22-01 mandated remediation by April 27, 2026

---

3. How to Detect It (Testing)

Manual Testing Steps

Step 1: Check Windows version and patch level

# Run as any user
Get-ComputerInfo | Select-Object WindowsVersion, OsHardwareAbstractionLayer, OsBuildNumber
winver

Look for Windows 11 24H2 or 25H2 builds. Then verify the November 2025 cumulative update is applied.

Step 2: Verify patch status

# Check for KB patch applied in Nov 2025
Get-HotFix | Where-Object {$_.InstalledOn -gt (Get-Date "2025-11-01")} | Sort-Object InstalledOn -Descending | Select-Object -First 10

If no patches from November 2025 or later are installed on an affected build, the system is likely vulnerable.

Step 3: Check for the vulnerable directory path

# Check if the CoreAIPlatform path exists (indicates the AI component is active)
Test-Path "$env:LOCALAPPDATA\CoreAIPlatform.00\UKP"

If this path exists or can be created by a standard user, the attack surface is present.

Step 4: Verify taskhostw.exe scheduled task triggers

# List scheduled tasks that run as SYSTEM and might invoke taskhostw.exe
Get-ScheduledTask | Where-Object {$_.Principal.RunLevel -eq "Highest" -or $_.Principal.UserId -eq "SYSTEM"} | Select-Object TaskName, TaskPath

Automated Scanning

Tenable Nessus / Tenable.io

• Plugin ID: Search for "CVE-2025-60710" in your Nessus plugin library
• Scan type: Windows Local Security Check (authenticated scan required)
• Expected output: Flags systems missing the November 2025 Cumulative Update for Windows 11 24H2/25H2

Rapid7 InsightVM

• CVE: CVE-2025-60710 (listed in Rapid7 vulnerability database)
• Run an authenticated Windows scan and filter by this CVE in the findings view
• Rapid7 tags this as a local check requiring valid Windows credentials

Microsoft Defender for Endpoint (MDE)

KQL query in Advanced Hunting:
DeviceProcessEvents
| where FileName == "taskhostw.exe"
| where ProcessCommandLine contains "CoreAIPlatform"
| project Timestamp, DeviceName, AccountName, ProcessCommandLine

Sysinternals / Manual symlink check

# Check if any junctions or symlinks exist in the UKP path
Get-Item "$env:LOCALAPPDATA\CoreAIPlatform.00\UKP\*" -Force | 
  Where-Object {$_.Attributes -band [System.IO.FileAttributes]::ReparsePoint}

Code Review Checklist

When reviewing internal tooling or scheduled tasks running as SYSTEM on Windows 11/Server 2025:

• Verify all file/directory deletion operations resolve symlinks before acting (use GetFinalPathNameByHandle or equivalent)
• Confirm no SYSTEM-level processes delete user-controlled paths without canonicalization
• Ensure scheduled tasks operating on %LOCALAPPDATA% subpaths validate path integrity
• Check that ACLs restrict symlink creation in shared or sensitive directories

---

4. How to Fix It (Mitigation)

Step-by-Step Remediation

1. Apply the Microsoft Security Update (primary fix)

The official patch was released in November 2025 Patch Tuesday. Install the cumulative update for your Windows version:

• Windows 11 24H2: Install KB from November 2025 CU or any subsequent monthly rollup
• Windows 11 25H2: Install KB from November 2025 CU or any subsequent monthly rollup
• Windows Server 2025: Install the November 2025 Security-only or Monthly Rollup update

# Check Windows Update via PowerShell (requires PSWindowsUpdate module)
Install-Module PSWindowsUpdate -Force
Get-WindowsUpdate -MicrosoftUpdate -AcceptAll -Install

Or via Settings → Windows Update → Check for Updates.

2. Force Windows Update if deferred

# Trigger update check and install immediately (admin required)
UsoClient.exe StartScan
UsoClient.exe StartDownload
UsoClient.exe StartInstall

3. Prioritize CISA KEV deadline (FCEB agencies)

For federal agencies: CISA's BOD 22-01 mandated remediation by April 27, 2026. If not yet patched, this should be treated as a P0 emergency change.

4. Intermediate workaround (if immediate patching is not possible)

Restrict the ability to create symbolic links for non-administrative users via Group Policy:

Computer Configuration → Windows Settings → Security Settings → 
Local Policies → User Rights Assignment → "Create symbolic links"

Remove standard users from this right. Note: This is a defense-in-depth measure only — it does not fully remediate the flaw, as directory junctions (a related technique) may still be usable.

5. Restrict scheduled task triggers (temporary)

As an emergency measure, disable or pause scheduled tasks that invoke taskhostw.exe with SYSTEM privileges on affected systems until patching is complete:

# Audit SYSTEM-level scheduled tasks
Get-ScheduledTask | Where-Object {$_.Principal.UserId -eq "SYSTEM"} | 
  Disable-ScheduledTask

Re-enable after patching and validation.

Code Fix Example

For developers maintaining Windows-compatible tooling that deletes user-controlled paths as a privileged process, the pattern to avoid and its fix:

// VULNERABLE: deletes path without resolving symlinks
RemoveDirectory(user_controlled_path);

// SAFE: resolve the final path before deletion, then verify it's within expected scope
HANDLE hDir = CreateFile(user_controlled_path, DELETE, 0, NULL, OPEN_EXISTING,
    FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, NULL);

TCHAR finalPath[MAX_PATH];
GetFinalPathNameByHandle(hDir, finalPath, MAX_PATH, VOLUME_NAME_DOS);

// Verify finalPath is still within the expected base directory
if (IsPathUnderExpectedBase(finalPath, expected_base)) {
    CloseHandle(hDir);
    RemoveDirectory(finalPath); // Now operating on the real, canonical path
}

Configuration Hardening

• Enable Windows Defender Credential Guard to limit lateral movement following privilege escalation
• Enable Attack Surface Reduction (ASR) rules in Microsoft Defender for Endpoint to block abuse of scheduled task execution patterns
• Apply Principle of Least Privilege: Users should not have interactive logon to servers; VDI/terminal server environments should be evaluated carefully

---

5. How to Test the Fix (Validation)

Regression Test Scenarios

• Scenario A: Verify November 2025 (or later) CU is installed — check Get-HotFix output confirms patch date post November 2025
• Scenario B: Attempt to reproduce the symlink attack using a public PoC in a sandboxed test environment — confirm the deletion no longer follows the link to a SYSTEM-protected path
• Scenario C: Confirm scheduled tasks continue to run normally after patching (no operational disruption to taskhostw.exe-based tasks)

Security Test Cases

Test Case 1: Verify patch is applied

• Precondition: Patched Windows 11 24H2 or 25H2 system
• Steps: Run Get-HotFix | Where-Object {$_.InstalledOn -gt (Get-Date "2025-11-01")} and confirm cumulative update present
• Expected Result: Patch KB listed with install date in November 2025 or later

Test Case 2: Confirm symlink attack vector blocked (lab/sandbox only)

• Precondition: Apply patch on a test machine, isolated from production
• Steps: Using a low-privilege test account, create CoreAIPlatform.00\UKP\{GUID}, replace with a junction to a SYSTEM path, trigger the scheduled task
• Expected Result: taskhostw.exe either skips the path, resolves the real target, or errors safely — no deletion of the SYSTEM-owned target directory

Test Case 3: Verify symlink creation policy (if GPO workaround applied)

# Test as standard user (should fail after applying GPO workaround)
New-Item -ItemType SymbolicLink -Path "C:\Users\testuser\testlink" -Target "C:\Windows\System32\drivers"
# Expected: "Access to the path is denied" or privilege error

Automated Tests

# Automated Pester test for patch validation (save as Test-CVE-2025-60710.ps1)
Describe "CVE-2025-60710 Patch Validation" {
    It "Should have November 2025 or later patch installed" {
        $patches = Get-HotFix | Where-Object {$_.InstalledOn -gt (Get-Date "2025-11-01")}
        $patches.Count | Should -BeGreaterThan 0
    }
    
    It "Windows build should be patched version" {
        $build = (Get-ComputerInfo).OsBuildNumber
        # Patched builds for 24H2 are >= 26100.2605 (Nov 2025)
        $build | Should -BeGreaterOrEqual 26100
    }
    
    It "Taskhostw.exe should be updated file version" {
        $ver = (Get-Item "C:\Windows\System32\taskhostw.exe").VersionInfo.FileVersion
        Write-Host "Current taskhostw.exe version: $ver"
        $ver | Should -Not -BeNullOrEmpty
    }
}

---

6. Prevention & Hardening

Best Practices

• Maintain aggressive patch cadence for Windows 11/Server 2025: The November 2025 patch has been available for months — if CISA is adding this to KEV in April 2026, many environments are still exposed. Enforce monthly patching SLAs, with critical/high severity patches within 30 days.
• Audit and restrict symlink creation rights: Review GPO settings for "Create symbolic links" and scope it to only users/roles that genuinely require it. Most standard enterprise users do not need this right.
• Apply Zero Trust principles to scheduled tasks: Tasks running as SYSTEM should never operate on user-writable paths without explicit path canonicalization. Audit custom scheduled tasks in your environment for this anti-pattern.
• Monitor CISA KEV and act on deadline dates: CVE-2025-60710's KEV deadline was April 27, 2026. Treat KEV additions as emergency-level patch requirements, especially for Windows system components.

Monitoring & Detection

Microsoft Defender for Endpoint (MDE) — Advanced Hunting

// Detect suspicious directory junction creation in CoreAIPlatform path
DeviceFileEvents
| where FolderPath contains "CoreAIPlatform.00\\UKP"
| where ActionType in ("DirectoryCreated", "FileCreated")
| where InitiatingProcessAccountType != "System"
| project Timestamp, DeviceName, AccountName, FolderPath, ActionType, InitiatingProcessFileName
| order by Timestamp desc

// Detect taskhostw.exe operating on reparse points
DeviceProcessEvents
| where FileName == "taskhostw.exe"
| join kind=inner (
    DeviceFileEvents
    | where ActionType == "DirectoryDeleted"
    | where FolderPath contains "CoreAIPlatform"
) on DeviceId, $left.Timestamp, $right.Timestamp
| project Timestamp, DeviceName, FolderPath

Sysmon Detection Rule

<RuleGroup name="CVE-2025-60710 Symlink Abuse" groupRelation="or">
  <FileCreate onmatch="include">
    <TargetFilename condition="contains">CoreAIPlatform.00\UKP</TargetFilename>
  </FileCreate>
</RuleGroup>

Windows Event Log

• Enable Object Access Auditing (SACL) on %LOCALAPPDATA% for privilege users
• Watch for Event ID 4656 (handle request to object) and Event ID 4663 (object access) on CoreAIPlatform.00\UKP paths initiated by taskhostw.exe

---

References

• CVE Official Page: CVE-2025-60710 — NVD Detail
• Microsoft MSRC Advisory: Microsoft Security Update Guide — CVE-2025-60710
• CISA KEV Catalog: CISA Known Exploited Vulnerabilities — CVE-2025-60710
• Rapid7 Vulnerability DB: Microsoft Windows CVE-2025-60710
• Public PoC (Research Reference): Wh04m1001/CVE-2025-60710 on GitHub
• CVEFeed Technical Detail: CVE-2025-60710 Host Process for Windows Tasks EoP
• CISA Week of April 13 Vulnerability Summary: CISA SB26-110