CVE-2025-60723 is a race condition vulnerability classified under CWE-362 affecting Microsoft Windows 10 Version 1809, specifically within the DirectX graphics subsystem. The vulnerability arises from improper synchronization when multiple concurrent threads access shared resources, leading to a race condition. This flaw can be exploited by an authorized attacker with low privileges over a network to cause a denial of service (DoS) condition by crashing or hanging the affected system. The vulnerability does not compromise confidentiality or integrity but impacts system availability. The CVSS v3.1 score is 6.3 (medium severity), reflecting network attack vector (AV:N), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), and scope change (S:C) indicating that the impact extends beyond the vulnerable component. The vulnerability was reserved on 2025-09-26 and published on 2025-11-11, with no known exploits in the wild or patches available at the time of reporting. The affected version is Windows 10 build 17763.0 (Version 1809), which remains in use in some enterprise environments despite being superseded by newer releases. The race condition could be triggered remotely, making it a concern for network-exposed systems running this Windows version, especially those utilizing DirectX for multimedia or graphical processing tasks. The lack of patches necessitates proactive mitigation to reduce exposure.

For European organizations, the primary impact of CVE-2025-60723 is the potential for denial of service attacks that disrupt availability of critical systems running Windows 10 Version 1809. This can affect business continuity, especially in sectors relying on graphical processing such as media production, design, and certain industrial applications. Network-exposed systems are at risk, and attackers with low privileges could remotely trigger system crashes or hangs, leading to operational downtime. While confidentiality and integrity are not directly affected, availability disruptions can cause significant financial and reputational damage. Organizations with legacy systems still running this Windows version are particularly vulnerable. The absence of patches increases the risk window, and the medium CVSS score reflects the moderate but non-trivial threat level. European entities with remote access services or weak network segmentation may face elevated risk. Additionally, critical infrastructure operators using affected systems could experience service interruptions, impacting broader societal functions.

1. Immediately identify and inventory all systems running Windows 10 Version 1809, focusing on those using DirectX and exposed to network access. 2. Restrict network access to vulnerable systems by implementing strict firewall rules, network segmentation, and limiting exposure to untrusted networks. 3. Apply the principle of least privilege to reduce the ability of low-privileged users to exploit the vulnerability. 4. Monitor system logs and network traffic for signs of unusual crashes, hangs, or denial of service attempts related to DirectX processes. 5. Disable or limit DirectX usage on systems where it is not essential to reduce the attack surface. 6. Prepare for patch deployment by tracking Microsoft advisories closely, as no patches are currently available. 7. Employ endpoint detection and response (EDR) tools to detect anomalous behavior indicative of exploitation attempts. 8. Educate IT staff about this vulnerability to ensure rapid response and containment if exploitation is suspected. 9. Consider upgrading affected systems to supported Windows versions where this vulnerability is not present or has been patched.