CVE-2025-60717 is a use-after-free vulnerability classified under CWE-416 found in the Windows Broadcast DVR User Service on Windows 10 Version 1809 (build 10.0.17763.0). This vulnerability arises when the service improperly manages memory, freeing an object while it is still in use, which can lead to arbitrary code execution or privilege escalation. An attacker with authorized local access and low privileges can exploit this flaw to elevate their privileges to higher levels, potentially SYSTEM level, without requiring user interaction. The CVSS v3.1 base score is 7.0, indicating high severity, with attack vector local (AV:L), attack complexity high (AC:H), privileges required low (PR:L), no user interaction (UI:N), and impact on confidentiality, integrity, and availability all rated high (C:H/I:H/A:H). The vulnerability does not currently have known exploits in the wild, and no official patches have been linked yet, though Microsoft has reserved the CVE and published the vulnerability details. The Broadcast DVR User Service is a Windows component related to game DVR and broadcasting features, which may be enabled on many systems by default or through user configuration. Exploitation requires local access, which limits remote exploitation but still poses a significant risk in environments where attackers can gain local footholds, such as through phishing or insider threats. This vulnerability can lead to complete system compromise, data breaches, and disruption of critical services if exploited.

For European organizations, the impact of CVE-2025-60717 is significant, especially for those still running Windows 10 Version 1809, which is an older, out-of-support version in many cases. Successful exploitation allows attackers to escalate privileges locally, potentially gaining full control over affected systems. This can lead to unauthorized access to sensitive data, disruption of business operations, and deployment of further malware or ransomware. Critical sectors such as finance, healthcare, government, and industrial control systems are particularly vulnerable due to the potential for data breaches and operational disruption. The high impact on confidentiality, integrity, and availability means that exploitation could result in severe regulatory and compliance consequences under GDPR and other European data protection laws. The requirement for local access reduces the risk of widespread remote attacks but does not eliminate the threat in environments with inadequate endpoint security or where attackers have already gained initial access.

To mitigate CVE-2025-60717, European organizations should first identify and inventory all systems running Windows 10 Version 1809. Since no official patches are currently linked, organizations should monitor Microsoft security advisories closely and apply patches immediately upon release. In the interim, restrict local access to critical systems by enforcing strict access controls and using endpoint protection solutions to detect and prevent privilege escalation attempts. Disable or limit the use of the Broadcast DVR User Service if it is not required, as reducing the attack surface can mitigate exploitation risk. Consider upgrading affected systems to a supported Windows version with ongoing security updates, such as Windows 10 Version 21H2 or later, or Windows 11. Employ application whitelisting and least privilege principles to minimize the ability of attackers to execute arbitrary code. Regularly audit and monitor logs for suspicious local activity that could indicate exploitation attempts. Finally, conduct user awareness training to reduce the risk of attackers gaining initial local access through social engineering or phishing.