CVE-2025-60706: 
vulnerability analysis and mitigation

Out-of-bounds read vulnerability (CVE-2025-60706) in Windows Hyper-V was disclosed on November 11, 2025. This vulnerability affects multiple versions of Windows systems including Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025. The vulnerability allows an authorized attacker to disclose information locally (NVD, Rapid7).

The vulnerability is classified as an out-of-bounds read issue in Windows Hyper-V with a CVSS v3.1 base score of 5.5 (Medium) and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is tracked under CWE-125 (Out-of-bounds Read) (NVD).

When successfully exploited, this vulnerability allows an authorized attacker to disclose information locally. The vulnerability primarily affects the confidentiality of the system, with no direct impact on integrity or availability (Rapid7).

Microsoft has released security updates to address this vulnerability. System administrators should apply the relevant patches for their affected systems, including KB5068864 for Windows Server 2016, KB5068791 for Windows Server 2019, KB5068787 for Windows Server 2022, and KB5068861 for Windows Server 2025 (Rapid7).