CVE-2025-60720 is a buffer over-read vulnerability classified under CWE-126, found in the Windows TDX.sys driver component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability occurs due to improper validation of memory boundaries within the TDX.sys driver, which is part of the Trusted Domain Extensions (TDX) technology used for hardware-assisted virtualization and isolation. An authorized attacker with local access can exploit this flaw to read beyond allocated memory buffers, potentially accessing sensitive kernel memory. This memory disclosure can lead to elevation of privileges by manipulating kernel data structures or bypassing security controls. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and requiring only low privileges but no user interaction. No public exploits have been reported yet, and Microsoft has not published a patch at the time of disclosure. The vulnerability is significant because it affects a legacy Windows 10 version still in use in many enterprise environments, particularly those with strict compliance requirements or legacy application dependencies. Exploitation could allow attackers to gain SYSTEM-level privileges from a local account, facilitating further compromise or persistence on affected machines.

For European organizations, this vulnerability poses a serious risk especially in environments where Windows 10 Version 1809 remains deployed due to legacy application compatibility or delayed upgrade cycles. Successful exploitation could lead to unauthorized privilege escalation, enabling attackers to execute arbitrary code with SYSTEM privileges, access sensitive data, or disrupt critical services. This is particularly concerning for sectors such as finance, healthcare, government, and critical infrastructure, where confidentiality and integrity of data are paramount and regulatory compliance (e.g., GDPR) is mandatory. The ability to elevate privileges locally means that insider threats or attackers who have gained limited access could leverage this vulnerability to deepen their foothold. Additionally, the lack of user interaction requirement facilitates stealthy exploitation. Although no known exploits are currently active, the high CVSS score and potential impact necessitate proactive mitigation to prevent future attacks.

1. Prioritize upgrading or patching Windows 10 Version 1809 systems as soon as Microsoft releases an official security update addressing CVE-2025-60720. 2. Until patches are available, restrict local access to vulnerable systems by enforcing strict access controls and limiting administrative privileges. 3. Employ endpoint detection and response (EDR) solutions to monitor for anomalous local privilege escalation attempts or suspicious activity involving the TDX.sys driver. 4. Harden systems by disabling unnecessary services and features related to virtualization or TDX if not required in the environment. 5. Conduct regular audits of user accounts and permissions to minimize the number of authorized users who could exploit this vulnerability. 6. Implement application whitelisting and behavior-based detection to prevent execution of unauthorized code post-escalation. 7. Educate IT staff and users about the risks of local privilege escalation vulnerabilities and the importance of timely patching and system upgrades.