MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-60705

🔴 HIGH

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Published
Nov 11, 2025
Last Modified
Nov 17, 2025
Views
3
Bookmarks
0

Description

Request Expert Review

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Affected Products (19)

microsoft - windows_10_1607

Version: *

microsoft - windows_10_1607

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_21h2

Version: *

microsoft - windows_10_22h2

Version: *

microsoft - windows_11_23h2

Version: *

microsoft - windows_11_24h2

Version: *

microsoft - windows_11_25h2

Version: *

microsoft - windows_server_2008

Version: -

microsoft - windows_server_2008

Version: -

microsoft - windows_server_2008

Version: r2

microsoft - windows_server_2012

Version: -

microsoft - windows_server_2012

Version: r2

microsoft - windows_server_2016

Version: *

microsoft - windows_server_2019

Version: *

microsoft - windows_server_2022

Version: *

microsoft - windows_server_2022_23h2

Version: *

microsoft - windows_server_2025

Version: *

CVSS Scores

CVSS 3.1 7.8
7.8
HIGH
CVSS 2.0 7.8

References

msrc.microsoft.com

Additional Information

Source
secure@microsoft.com
State
Analyzed

Related CVEs

CVE-2025-14705

CRITICAL

A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulatio...

Score: 9.8

CVE-2025-14704

HIGH

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The ma...

Score: 7.3

CVE-2025-67906

MEDIUM

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Score: 5.4

CVE-2025-14703

MEDIUM

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST...

Score: 5.3

CVE-2025-14702

MEDIUM

A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashAct...

Score: 4.4

CVE-2025-13740

MEDIUM

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `lightweight-accordion` shortcode in all...

Score: 6.4

Share CVE-2025-60705

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-60705 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis