What is the CVSS score of CVE-2025-60865?

CVE-2025-60865 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Windows are affected by CVE-2025-60865?

PC Helpsoft Driver Updater versions up to 9.1.57803.1174 contain an improper access control vulnerability that could allow unauthorized users to escalate privileges or access sensitive system…

Is there a public PoC exploit available for CVE-2025-60865?

Yes, a public proof-of-concept exploit is available for CVE-2025-60865. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-60865?

Within 24 hours: Identify all systems running PC Helpsoft Driver Updater and inventory affected versions. Within 7 days: Evaluate if the application is business-critical; if not, uninstall it immediately. For business-critical systems, restrict application access through Windows User Account Control and disable auto-update features. Within 30 days: Monitor vendor advisories for patch availability and establish a mandatory patching schedule upon release; consider alternative driver management solutions if the vendor does not release a timely patch.

Windows CVE-2025-60865

HIGH

Improper Access Control (CWE-284)

2026-02-03 cve@mitre.org

Windows Pc Helpsoft Driver Updater

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 20:39 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 18:16 nvd

HIGH 7.8

DescriptionCVE.org

Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.

AnalysisAI

Pc Helpsoft Driver Updater versions up to 9.1.57803.1174 is affected by improper access control (CVSS 7.8).

Technical ContextAI

This vulnerability (CWE-284: Improper Access Control) exists in the Driver Updater component. Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.