CVE-2025-60717

7.0 HIGH

📋 TL;DR

CVE-2025-60717 is a use-after-free vulnerability in Windows Broadcast DVR User Service that allows authenticated attackers to execute arbitrary code with elevated privileges. This affects Windows systems where the Broadcast DVR service is enabled. Attackers must already have local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Windows Broadcast DVR User Service
Versions: Specific Windows versions as listed in Microsoft advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Broadcast DVR service to be enabled. Most consumer and enterprise Windows installations have this service running by default.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with SYSTEM-level privileges, enabling installation of persistent malware, credential theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation from standard user to administrator/SYSTEM privileges, allowing attackers to bypass security controls and install additional payloads.

🟢 If Mitigated

Limited impact due to proper access controls, network segmentation, and endpoint protection blocking exploitation attempts.

🌐 Internet-Facing: LOW - Requires local authenticated access, cannot be exploited remotely over the internet.
🏢 Internal Only: HIGH - Significant risk for internal networks where attackers could gain initial access through phishing or other means, then escalate privileges locally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access and knowledge of memory manipulation techniques. Use-after-free vulnerabilities typically require precise timing and memory layout knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60717

Restart Required: Yes

Instructions:

1. Open Windows Update settings
2. Check for updates
3. Install all available security updates
4. Restart the system when prompted

🔧 Temporary Workarounds

Disable Broadcast DVR Service (Windows, elevated command prompt)

Disables the vulnerable service if it is not required for business operations. Broadcast DVR User Service is a per-user service: BcastDVRUserService is the template entry, and each logged-on session gets an instance named BcastDVRUserService_<suffix>. Disabling the template prevents new instances from being created; already-running instances are stopped separately.

rem Disable the template so no new per-user instance is created at logon
sc config BcastDVRUserService start= disabled
rem Stop any per-user instance that is currently running (names carry a session suffix)
for /f "tokens=2" %i in ('sc query state^= all ^| findstr /i "BcastDVRUserService_"') do sc stop %i

🧯 If You Can't Patch

  • Implement strict least privilege access controls to limit local user accounts
  • Enable exploit protection mechanisms like Control Flow Guard (CFG) and Arbitrary Code Guard (ACG)

🔍 How to Verify

Check if Vulnerable:

Check Windows version and installed updates against Microsoft advisory

Check Version:

winver or systeminfo

Verify Fix Applied:

Verify the specific KB patch from Microsoft advisory is installed via 'wmic qfe list' or PowerShell 'Get-HotFix'
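As an added example (not part of the advisory or Microsoft's tooling), a PowerShell audit that combines the checks above: it reads the Broadcast DVR User Service template start type from the registry, lists any running per-user instances, and queries Get-HotFix for the KB. The KB number is a placeholder to replace with the one from the MSRC advisory; the registry path and BcastDVRUserService naming are assumptions about the per-user service layout.

```powershell
function Test-BcastDvrExposure {
    param(
        # PLACEHOLDER: replace with the KB number for CVE-2025-60717 from the MSRC advisory
        [string]$KbId = 'KBXXXXXXX'
    )

    # Assumption: the per-user service template lives here; Start = 4 means Disabled
    $tplPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\BcastDVRUserService'
    $tpl = Get-ItemProperty -Path $tplPath -Name Start -ErrorAction SilentlyContinue

    # Per-user instances are named BcastDVRUserService_<session suffix>
    $instances = Get-Service -Name 'BcastDVRUserService_*' -ErrorAction SilentlyContinue

    # Get-HotFix returns nothing (no throw) when the KB is not installed
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    [pscustomobject]@{
        OSVersion        = [System.Environment]::OSVersion.Version.ToString()
        TemplatePresent  = [bool]$tpl
        TemplateDisabled = [bool]($tpl -and $tpl.Start -eq 4)
        RunningInstances = @($instances | Where-Object Status -eq 'Running' | ForEach-Object Name)
        PatchInstalled   = [bool]$hotfix
    }
}

# Run from an elevated PowerShell; flag hosts that are still exposed
$result = Test-BcastDvrExposure
$result | Format-List
if ($result.TemplatePresent -and -not $result.TemplateDisabled -and -not $result.PatchInstalled) {
    Write-Warning 'Broadcast DVR User Service is enabled and the patch was not found: apply the update or disable the service.'
}
```

The function returns an object rather than text so the same check can be fanned out with Invoke-Command and the results collected centrally.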

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Broadcast DVR service
  • Privilege escalation attempts
  • Memory corruption events in Windows Event Logs

Network Indicators:

  • None - local exploitation only

SIEM Query:

EventID=4688 AND (NewProcessName LIKE '%powershell%' OR NewProcessName LIKE '%cmd%') AND ParentProcessName LIKE '%BcastDVRUserService%'

Caveat: in Security event 4688 the parent field is an image path, and this per-user service runs inside a service host (svchost.exe -k BcastDVRUserService), so matching the service name against the parent only works where the parent's command line is logged, for example Sysmon Event ID 1 ParentCommandLine. Without that, pivot on svchost.exe parents spawning shells, which is noisy and needs tuning per environment.
