CVE-2025-60717 is a use-after-free vulnerability classified under CWE-416, found in the Windows Broadcast DVR User Service component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). Use-after-free vulnerabilities occur when a program continues to use memory after it has been freed, leading to undefined behavior such as memory corruption, crashes, or code execution. In this case, an authorized local attacker can exploit this flaw to elevate privileges on the affected system. The vulnerability requires local access and has a high attack complexity, meaning that exploitation is non-trivial but feasible under certain conditions. No user interaction is required, which increases the risk of automated or stealthy exploitation once local access is obtained. The CVSS v3.1 base score is 7.0, reflecting high impact on confidentiality, integrity, and availability. The vulnerability allows attackers to execute arbitrary code with elevated privileges, potentially leading to full system compromise. Although no public exploits or patches are currently available, the vulnerability has been officially published and reserved by Microsoft, indicating that a fix is likely forthcoming. This vulnerability is particularly relevant for organizations still running Windows 10 Version 1809, which is an older release but may remain in use in some environments due to legacy application dependencies or delayed upgrade cycles.

The primary impact of CVE-2025-60717 is local privilege escalation, enabling attackers with authorized local access to gain higher privileges than intended. This can lead to unauthorized access to sensitive data, modification or deletion of critical system files, installation of persistent malware, and disruption of system availability. For organizations, this elevates the risk of insider threats or attackers who have gained initial footholds through other means (e.g., phishing or physical access) to fully compromise affected systems. The vulnerability affects confidentiality by potentially exposing sensitive information, integrity by allowing unauthorized changes, and availability by enabling denial-of-service conditions or system instability. Since Windows 10 Version 1809 is still used in various enterprise environments, especially in sectors with strict software validation requirements or legacy dependencies, the scope of affected systems can be significant. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once the vulnerability details become widely known or patches are released.

Organizations should prioritize upgrading from Windows 10 Version 1809 to a more recent, supported Windows release to eliminate exposure to this vulnerability. Until upgrades are feasible, strict access controls should be enforced to limit local user privileges and restrict access to trusted personnel only. Monitoring and logging of local user activities related to the Broadcast DVR User Service can help detect suspicious behavior. Once Microsoft releases a security patch, it should be applied promptly to affected systems. Additionally, organizations can employ application whitelisting and endpoint detection and response (EDR) solutions to detect and block exploitation attempts. Disabling or restricting the Broadcast DVR User Service, if not required, can reduce the attack surface. Regular vulnerability assessments and penetration testing should include checks for this vulnerability to ensure mitigation effectiveness.