CVE-2025-60708: 
vulnerability analysis and mitigation

An untrusted pointer dereference vulnerability exists in the Storvsp.sys Driver (CVE-2025-60708), discovered and disclosed on November 11, 2025. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The issue stems from an untrusted pointer dereference in the Storvsp.sys Driver component, which is categorized under CWE-822 (Untrusted Pointer Dereference) (NVD).

When successfully exploited, this vulnerability allows an authorized attacker to cause a denial of service condition locally on the affected system. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (NVD).

Microsoft has released security updates to address this vulnerability across affected Windows versions. Updates are available through KB5068864 for Windows Server 2016, KB5068791 for Windows Server 2019, KB5068787 for Windows Server 2022, and various other KB articles for different Windows versions (Rapid7).