CVE-2025-60723 is a concurrency vulnerability classified as CWE-362 (Race Condition) found in the DirectX component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw arises from improper synchronization when multiple threads or processes access shared resources concurrently, leading to unpredictable behavior. An authorized attacker with low privileges can exploit this race condition remotely over a network to trigger a denial of service (DoS) condition, causing system instability or crashes. The vulnerability does not require user interaction, increasing its potential impact in automated or unattended environments. The CVSS v3.1 score is 6.3 (medium), reflecting network attack vector, low attack complexity, and no confidentiality or integrity impact, but high impact on availability. No public exploits or patches are currently available, but the vulnerability has been officially published and reserved by Microsoft. This issue affects a legacy Windows 10 version still in use in many enterprise environments, particularly where DirectX is utilized for graphics or multimedia processing. The race condition could be triggered by specially crafted network packets or commands that manipulate DirectX shared resources, leading to resource contention and system failure. The scope is confined to Windows 10 1809, but given the widespread deployment of this OS version in corporate and industrial settings, the risk remains significant until patched.

For European organizations, the primary impact of CVE-2025-60723 is the potential for denial of service attacks against systems running Windows 10 Version 1809. This can disrupt business operations, especially in sectors relying on continuous availability such as finance, manufacturing, healthcare, and critical infrastructure. The vulnerability could be exploited remotely by attackers with low privileges, increasing the risk of automated or large-scale attacks targeting vulnerable endpoints. Although confidentiality and integrity are not affected, availability disruptions can lead to operational downtime, financial losses, and reputational damage. Organizations using legacy Windows 10 systems in networked environments are particularly at risk. The lack of current patches means that mitigation relies on network controls and system hardening until updates are released. Given the importance of Windows 10 in European enterprises and public sector institutions, this vulnerability poses a moderate operational threat that requires timely attention.

1. Prioritize upgrading or patching Windows 10 Version 1809 systems as soon as Microsoft releases a security update addressing CVE-2025-60723. 2. Until patches are available, restrict network access to vulnerable systems by implementing strict firewall rules and network segmentation to limit exposure to untrusted networks. 3. Monitor network traffic for unusual or malformed packets targeting DirectX services or related components. 4. Employ endpoint detection and response (EDR) solutions to detect abnormal process behavior or crashes related to DirectX. 5. Review and minimize the number of systems running legacy Windows 10 versions, migrating to supported OS versions where possible. 6. Educate system administrators about the vulnerability and encourage rapid incident response readiness. 7. Disable or limit DirectX usage on systems where it is not essential to reduce the attack surface. 8. Implement robust backup and recovery procedures to mitigate the impact of potential DoS-induced outages.