CVE-2025-60717

🔴 HIGH

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.

Published

Nov 11, 2025

Last Modified

Nov 17, 2025

Views

Bookmarks

Description

Request Expert Review

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.

Affected Products (10)

microsoft - windows_10_1809

Version: *

microsoft - windows_10_1809

Version: *

microsoft - windows_10_21h2

Version: *

microsoft - windows_10_22h2

Version: *

microsoft - windows_11_23h2

Version: *

microsoft - windows_11_24h2

Version: *

microsoft - windows_11_25h2

Version: *

microsoft - windows_server_2019

Version: *

microsoft - windows_server_2022_23h2

Version: *

microsoft - windows_server_2025

Version: *

CVSS Scores

CVSS 3.1 7.0

7.0

HIGH

CVSS 2.0 7.0

References

msrc.microsoft.com

Additional Information

Source: secure@microsoft.com
State: Analyzed

Related CVEs

CVE-2025-14705

CRITICAL

A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulatio...

Score: 9.8

CVE-2025-14704

HIGH

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The ma...

Score: 7.3

CVE-2025-67906

MEDIUM

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Score: 5.4

CVE-2025-14703

MEDIUM

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST...

Score: 5.3

CVE-2025-14702

MEDIUM

A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashAct...

Score: 4.4

CVE-2025-13740

MEDIUM

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `lightweight-accordion` shortcode in all...

Score: 6.4

Share CVE-2025-60717

Share on Social Media

Copy Link

Embed Code

HTML Embed (for websites/blogs)

Markdown (for GitHub/Discord)

Request Expert Analysis

Request a professional security analysis for CVE-2025-60717 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Priority Level

SLA Acceleration (50% faster delivery)

Add 3 credits for accelerated delivery

Additional Context (Optional)

Base Cost: 8 credits

Priority Upgrade: + credits

SLA Acceleration: +3 credits

Total Cost:

Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

CVE-2025-60717

Description

Affected Products (10)

microsoft - windows_10_1809

microsoft - windows_10_1809

microsoft - windows_10_21h2

microsoft - windows_10_22h2

microsoft - windows_11_23h2

microsoft - windows_11_24h2

microsoft - windows_11_25h2

microsoft - windows_server_2019

microsoft - windows_server_2022_23h2

microsoft - windows_server_2025

CVSS Scores

References

Additional Information

Related CVEs

CVE-2025-14705

CVE-2025-14704

CVE-2025-67906

CVE-2025-14703

CVE-2025-14702

CVE-2025-13740

Share CVE-2025-60717

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Credits System

Insufficient Credits

Report Analysis