CVE-2025-60723: 
vulnerability analysis and mitigation

A race condition vulnerability was identified in Windows DirectX (CVE-2025-60723) that affects the DirectX Graphics Kernel. The vulnerability was disclosed on November 11, 2025, and allows an authorized attacker to execute a denial of service attack over a network. This vulnerability impacts multiple versions of Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability is classified as a concurrent execution issue using shared resource with improper synchronization, also known as a race condition (CWE-362). It has been assigned a CVSS 3.1 base score of 6.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H. The vulnerability is also associated with CWE-416 (Use After Free) (NVD, Rapid7).

When successfully exploited, this vulnerability can lead to denial of service conditions in affected systems. The attack requires network access and can be executed remotely, though it needs low privileged access and has high attack complexity (NVD).

Microsoft has released security updates to address this vulnerability across affected systems. The patches are available through various KB articles including KB5068791 for Windows 10 1809, KB5068781 for Windows 10 21H2/22H2, KB5068865 for Windows 11 23H2, and KB5068861 for Windows 11 24H2/25H2 (Rapid7).