CVE-2025-60723 is a medium-severity race condition vulnerability identified in the Windows DirectX component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw arises from improper synchronization when multiple threads concurrently access shared resources, leading to a race condition (CWE-362). This synchronization issue can be exploited by an authorized attacker with low privileges to cause a denial of service (DoS) remotely over a network. The attacker does not require user interaction but must have network access and low-level privileges on the target system. The vulnerability impacts availability by potentially crashing or destabilizing the DirectX component or the system itself, but it does not affect confidentiality or integrity of data. The CVSS v3.1 score is 6.3, reflecting medium severity due to the high attack complexity and requirement for privileges, but with a network attack vector and no user interaction needed. No known exploits are currently in the wild, and no official patches have been released as of the publication date (November 11, 2025). The vulnerability is specific to Windows 10 Version 1809, an older release that is nearing or past end-of-support, increasing risk for organizations that have not upgraded. DirectX is widely used in multimedia and graphical applications, so systems running such workloads are particularly vulnerable to service disruption. The race condition could lead to system instability or crashes, impacting business continuity.

For European organizations, the primary impact is denial of service on systems running Windows 10 Version 1809, especially those utilizing DirectX for graphical or multimedia processing. This can disrupt critical business operations, particularly in sectors like manufacturing, media, gaming, and any industry relying on graphical processing or remote access to such systems. The inability to maintain availability could lead to operational downtime, loss of productivity, and potential financial losses. Since the vulnerability requires low privileges but network access, exposed systems on corporate networks or accessible remotely are at risk. Organizations still using legacy Windows 10 1809 systems face increased exposure, as this version is no longer mainstream supported, limiting patch availability. The lack of confidentiality or integrity impact reduces risk of data breaches, but service disruption can indirectly affect compliance and service level agreements. European entities with critical infrastructure or government systems running legacy Windows 10 versions may face heightened risk due to targeted attacks aiming to disrupt services.

1. Prioritize upgrading or migrating systems from Windows 10 Version 1809 to a supported and patched Windows version to eliminate the vulnerability. 2. Restrict network access to vulnerable systems by implementing strict firewall rules, network segmentation, and VPN access controls to limit exposure. 3. Enforce the principle of least privilege to reduce the ability of low-privileged users to exploit the vulnerability. 4. Monitor network traffic and system logs for unusual activity related to DirectX or service crashes that may indicate exploitation attempts. 5. Disable or limit the use of DirectX on systems where it is not essential to reduce the attack surface. 6. Implement application whitelisting and endpoint protection solutions capable of detecting anomalous behavior related to race conditions or denial of service attempts. 7. Prepare incident response plans specifically addressing potential denial of service scenarios affecting critical graphical or multimedia services. 8. Stay informed on Microsoft’s security advisories for any forthcoming patches or mitigations related to this CVE and apply them promptly once available.