CVE-2025-21190
Published: 11 February 2025
Summary
CVE-2025-21190 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The vulnerability ranks in the 37.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the specific buffer overflow vulnerability in Windows Telephony Service by applying vendor patches from the MSRC advisory.
- Restricts or disables the unnecessary Windows Telephony Service to eliminate the attack surface for remote exploitation.
- Implements memory protections like ASLR and DEP to mitigate heap-based buffer overflow exploits leading to RCE.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
RCE in a network-accessible Windows service directly enables remote service exploitation (T1210), leading to arbitrary command execution (T1059).
NVD Description
Windows Telephony Service Remote Code Execution Vulnerability
Deeper analysis
CVE-2025-21190 is a Remote Code Execution vulnerability affecting the Windows Telephony Service. Published on 2025-02-11, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-122 and NVD-CWE-noinfo.
An unauthenticated attacker with network access can exploit this vulnerability through low-complexity attacks that require user interaction. Successful exploitation enables remote code execution with high impacts on confidentiality, integrity, and availability.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21190 provides details on patches and mitigation guidance.
Details
- CWE(s)