CVE-2025-60720

Q: What is the severity of CVE-2025-60720?

CVE-2025-60720 has a CVSS score of 7.8 (HIGH). A buffer over-read vulnerability in Windows TDX.sys allows an authenticated attacker to read beyond allocated memory boundaries, potentially leading to local privilege escalation. This affects Windows systems with the vulnerable driver component. Attackers must already have local access to exploit this vulnerability.

7.8 HIGH

📋 TL;DR

A buffer over-read vulnerability in Windows TDX.sys allows an authenticated attacker to read beyond allocated memory boundaries, potentially leading to local privilege escalation. This affects Windows systems with the vulnerable driver component. Attackers must already have local access to exploit this vulnerability.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Specific versions not yet detailed in public advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with TDX.sys driver component. Requires local authenticated access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM privileges, enabling installation of persistent malware, credential theft, and lateral movement across the network.

🟠

Likely Case

Local privilege escalation from standard user to administrator/SYSTEM level, allowing installation of additional malware or bypassing security controls.

🟢

If Mitigated

Limited impact due to proper access controls, application whitelisting, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW - Requires local authenticated access, cannot be exploited remotely over the internet.

🏢 Internal Only: HIGH - Any compromised user account or malware with local execution can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local authenticated access and knowledge of memory layout. Buffer over-read vulnerabilities typically require additional steps to achieve reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60720

Restart Required: Yes

Instructions:

1. Open Windows Update Settings
2. Click 'Check for updates'
3. Install all available security updates
4. Restart system when prompted

🔧 Temporary Workarounds

Restrict local user privileges

windows

Limit standard user accounts to prevent initial access required for exploitation

Enable Windows Defender Application Control

windows

Use application whitelisting to prevent unauthorized code execution

🧯 If You Can't Patch

Implement strict network segmentation to limit lateral movement
Deploy endpoint detection and response (EDR) solutions with privilege escalation monitoring

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches related to CVE-2025-60720

Check Version:

winver

Verify Fix Applied:

Verify the latest security updates are installed via 'winver' command and Windows Update history

📡 Detection & Monitoring

Log Indicators:

Unusual privilege escalation events in Windows Security logs
Suspicious driver loading events
Process creation with unexpected parent-child relationships

Network Indicators:

Unusual outbound connections from newly privileged accounts
Lateral movement attempts following local privilege escalation

SIEM Query:

EventID=4688 AND NewProcessName LIKE '%*%' AND ParentProcessName IN ('cmd.exe', 'powershell.exe') AND SubjectUserName NOT IN (admin_users_list)

📊 Metadata

CVE ID: CVE-2025-60720

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-126

EPSS Score: 0.07% exploit probability (20.2th percentile)

Published: November 11, 2025

Last Updated: November 17, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60720 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows 11 25h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local user privileges

Enable Windows Defender Application Control

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities