CVE-2025-60720 is a buffer over-read vulnerability classified under CWE-126 found in the Windows TDX.sys driver component of Microsoft Windows 10 Version 1607 (build 10.0.14393.0). The flaw arises from improper bounds checking during memory operations, allowing an attacker with local authorized access to read beyond allocated buffers. This memory corruption can be leveraged to escalate privileges by manipulating kernel memory structures, potentially granting SYSTEM-level access. The vulnerability requires no user interaction and has low attack complexity, but the attacker must already have some level of local privileges. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability. Although no public exploits are known yet, the vulnerability's nature and affected component suggest it could be leveraged for significant system compromise, including bypassing security controls and executing arbitrary code in kernel mode. The affected Windows 10 Version 1607 is an older release, but still in use in some enterprise environments, especially where legacy applications or hardware compatibility is critical. The vulnerability was publicly disclosed on November 11, 2025, with no patches currently available, increasing the urgency for mitigation planning.

The vulnerability allows an attacker with local authorized access to escalate privileges to SYSTEM level, potentially gaining full control over the affected system. This can lead to unauthorized access to sensitive data, disruption of system operations, installation of persistent malware, and bypassing of security mechanisms. The impact spans confidentiality, integrity, and availability, making it critical for environments handling sensitive information or critical infrastructure. Organizations relying on Windows 10 Version 1607, particularly those unable to upgrade promptly, face increased risk of targeted attacks or insider threats exploiting this flaw. The lack of known exploits in the wild currently limits immediate widespread impact, but the vulnerability’s characteristics make it a prime candidate for future exploitation. Legacy systems in sectors such as government, finance, healthcare, and industrial control are especially vulnerable due to their reliance on older Windows versions and the critical nature of their operations.

1. Apply official patches from Microsoft as soon as they become available to address the buffer over-read in TDX.sys. 2. If patches are not yet released, restrict local access to affected systems by enforcing strict user privilege management and limiting administrative rights. 3. Employ endpoint detection and response (EDR) solutions to monitor for unusual local privilege escalation attempts or kernel-level anomalies. 4. Consider upgrading affected systems from Windows 10 Version 1607 to a supported, updated Windows version to eliminate exposure to this and other legacy vulnerabilities. 5. Implement application whitelisting and kernel-mode driver signing enforcement to reduce the risk of malicious code execution. 6. Conduct regular security audits and vulnerability assessments focusing on legacy systems to identify and remediate similar risks proactively. 7. Educate system administrators and users about the risks of local privilege escalation vulnerabilities and the importance of minimizing unnecessary local access.