CVE-2025-60705: 
vulnerability analysis and mitigation

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. The vulnerability, identified as CVE-2025-60705, was disclosed on November 11, 2025, and affects multiple versions of Microsoft Windows operating systems including Windows Server 2008, 2012, 2016, 2019, 2022, and various Windows 10 and 11 versions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-284 (Improper Access Control). The issue specifically affects the Windows Client-Side Caching (CSC) Service component (NVD).

If successfully exploited, this vulnerability allows an authorized attacker to elevate privileges locally on affected systems. This could potentially lead to unauthorized system control and compromise of user data (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB articles including KB5068864, KB5068791, KB5068781, KB5068865, KB5068861, and others depending on the affected Windows version (Rapid7).