CVE-2025-60708

6.5 MEDIUM

Denial of Service

📋 TL;DR

CVE-2025-60708 is an untrusted pointer dereference vulnerability in the Storvsp.sys driver that allows an authenticated attacker to cause a local denial of service (system crash/BSOD). This affects Windows systems using the affected storage virtualization driver component.

💻 Affected Systems

Products:

• Microsoft Windows

Versions: Specific versions not yet detailed in initial advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016/2019/2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires the Storvsp.sys driver component which is present in standard Windows installations with virtualization features.

📦 What is this software?

Windows 10 1607 by Microsoft

View all CVEs affecting Windows 10 1607 →

Windows 10 1809 by Microsoft

View all CVEs affecting Windows 10 1809 →

Windows 10 21h2 by Microsoft

View all CVEs affecting Windows 10 21h2 →

Windows 10 22h2 by Microsoft

View all CVEs affecting Windows 10 22h2 →

Windows 11 23h2 by Microsoft

View all CVEs affecting Windows 11 23h2 →

Windows 11 24h2 by Microsoft

View all CVEs affecting Windows 11 24h2 →

Windows 11 25h2 by Microsoft

View all CVEs affecting Windows 11 25h2 →

Windows Server 2016 by Microsoft

View all CVEs affecting Windows Server 2016 →

Windows Server 2019 by Microsoft

View all CVEs affecting Windows Server 2019 →

Windows Server 2022 by Microsoft

View all CVEs affecting Windows Server 2022 →

Windows Server 2022 23h2 by Microsoft

View all CVEs affecting Windows Server 2022 23h2 →

Windows Server 2025 by Microsoft

View all CVEs affecting Windows Server 2025 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash/BSOD leading to downtime and potential data loss if unsaved work exists.

🟠

Likely Case

Local denial of service causing system instability or reboot, disrupting user productivity.

🟢

If Mitigated

Minimal impact if proper access controls limit local user privileges and monitoring detects abnormal driver behavior.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Malicious insiders or compromised accounts could exploit this to disrupt systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local authenticated access and knowledge of driver interaction. No public exploit details available yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60708

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates via Windows Update. 2. For enterprise: Deploy through WSUS or Microsoft Update Catalog. 3. Verify update installation and restart systems as required.

🔧 Temporary Workarounds

Restrict local user privileges

windows

Limit standard user accounts to prevent driver manipulation

Disable unnecessary virtualization features

windows

Reduce attack surface by disabling unused storage virtualization components

🧯 If You Can't Patch

• Implement strict access controls to limit who has local administrative or standard user access
• Monitor system logs for driver crashes or abnormal Storvsp.sys behavior

🔍 How to Verify

Check if Vulnerable:

Copy

Check if Storvsp.sys driver version is vulnerable via driver properties or system information

Check Version:

Copy

wmic datafile where name='C:\\Windows\\System32\\drivers\\storvsp.sys' get version

Verify Fix Applied:

Copy

Verify Windows Update history contains the relevant security update and check driver version after patch

📡 Detection & Monitoring

Log Indicators:

• System event logs showing driver crashes (Event ID 1001)
• Blue screen crash dumps referencing storvsp.sys

Network Indicators:

• No network indicators - local exploitation only

SIEM Query:

Copy

EventID=1001 AND Source="Windows Error Reporting" AND Description="*storvsp.sys*"

📊 Metadata

CVE ID: CVE-2025-60708

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE: CWE-822

EPSS Score: 0.06% exploit probability (17.4th percentile)

Published: November 11, 2025

Last Updated: November 17, 2025

🔗 References

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60708 Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60708, you might also want to check these:

CVE-2025-50165 9.8

This critical vulnerability in Microsoft Graphics Component allows remote attackers to execute arbit...

Same vulnerability type (CWE-822)

CVE-2023-1437 9.8

This vulnerability in Advantech WebAccess/SCADA allows attackers to send malicious RPC arguments con...

Same vulnerability type (CWE-822)

CVE-2025-1255 9.1

CVE-2025-1255 is an untrusted pointer dereference vulnerability in RTI Connext Professional Core Lib...

Same vulnerability type (CWE-822)