CVE-2025-60705

Q: What is the severity of CVE-2025-60705?

CVE-2025-60705 has a CVSS score of 7.8 (HIGH). This vulnerability allows an authenticated attacker with local access to exploit improper access control in Windows Client-Side Caching (CSC) Service to elevate privileges on the system. It affects Windows systems with CSC enabled, potentially allowing attackers to gain SYSTEM-level privileges. This is a local privilege escalation vulnerability requiring initial access to the target system.

7.8 HIGH

📋 TL;DR

This vulnerability allows an authenticated attacker with local access to exploit improper access control in Windows Client-Side Caching (CSC) Service to elevate privileges on the system. It affects Windows systems with CSC enabled, potentially allowing attackers to gain SYSTEM-level privileges. This is a local privilege escalation vulnerability requiring initial access to the target system.

💻 Affected Systems

Products:

Windows Client-Side Caching (CSC) Service

Versions: Specific Windows versions as listed in Microsoft advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires CSC service to be enabled and running. CSC is commonly enabled in enterprise environments for offline file access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains SYSTEM privileges, enabling complete system compromise, persistence installation, credential theft, and lateral movement across the network.

🟠

Likely Case

Malicious insider or malware with initial foothold escalates to administrative privileges to install additional payloads, disable security controls, or access sensitive data.

🟢

If Mitigated

Attack is contained to the local system without privilege escalation, limiting damage to user-level resources only.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring authenticated access to the system.

🏢 Internal Only: HIGH - Once an attacker gains initial access to a system (via phishing, malware, etc.), they can exploit this to gain full control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated local access. Exploitation likely involves manipulating CSC service operations to bypass access controls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60705

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates from Microsoft Update or WSUS. 2. Verify update installation via Windows Update history. 3. Restart system as required.

🔧 Temporary Workarounds

Disable Client-Side Caching Service

windows

Disables the vulnerable CSC service if not required for business operations

sc config csc start= disabled
sc stop csc

Restrict Local Access

all

Implement strict access controls to limit who can log into affected systems

🧯 If You Can't Patch

Implement application control policies to prevent unauthorized code execution
Enable Windows Defender Exploit Guard and configure Attack Surface Reduction rules

🔍 How to Verify

Check if Vulnerable:

Check if CSC service is running: sc query csc | findstr RUNNING

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history contains the relevant security update KB

📡 Detection & Monitoring

Log Indicators:

Unusual CSC service activity
Privilege escalation attempts in Security logs (Event ID 4672, 4688)
Suspicious process creation from CSC context

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

EventID=4688 AND NewProcessName="*" AND ParentProcessName="*csc*" | stats count by Computer, ParentProcessName, NewProcessName

📊 Metadata

CVE ID: CVE-2025-60705

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-284

EPSS Score: 0.08% exploit probability (23.9th percentile)

Published: November 11, 2025

Last Updated: November 17, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60705 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows 11 25h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Client-Side Caching Service

Restrict Local Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities