How to fix CVE-2025-60865?

Within 24 hours: Identify all systems running PC Helpsoft Driver Updater and inventory affected versions. Within 7 days: Evaluate if the application is business-critical; if not, uninstall it immediately. For business-critical systems, restrict application access through Windows User Account Control and disable auto-update features. Within 30 days: Monitor vendor advisories for patch availability and establish a mandatory patching schedule upon release; consider alternative driver management solutions if the vendor does not release a timely patch.

Is Windows affected by CVE-2025-60865?

PC Helpsoft Driver Updater versions up to 9.1.57803.1174 contain an improper access control vulnerability that could allow unauthorized users to escalate privileges or access sensitive system functions.

CVE-2025-60865

HIGH

2026-02-03 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 20:39 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 18:16 nvd

HIGH 7.8

Description

Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.

Analysis

Pc Helpsoft Driver Updater versions up to 9.1.57803.1174 is affected by improper access control (CVSS 7.8).

Technical Context

This vulnerability (CWE-284: Improper Access Control) exists in the Driver Updater component. Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.

Affected Products

Vendor: Avanquest. Product: Pc Helpsoft Driver Updater. Versions: up to 9.1.57803.1174. Component: Driver Updater.

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: +20

CVE-2025-60865 vulnerability details – vuln.today

Back

CVE-2025-60865

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-60865

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code