CVE-2025-21237
Published: 14 January 2025
Summary
CVE-2025-21237 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 23.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
Windows Telephony Service contains a remote code execution vulnerability tracked as CVE-2025-21237. The flaw is present in the Windows Telephony Service component and carries a CVSS 3.1 base score of 8.8 with the vector string AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. It is also associated with CWE-122.
An unauthenticated remote attacker can trigger the issue over the network when a user interacts with specially crafted content, resulting in arbitrary code execution with the privileges of the Telephony Service and full confidentiality, integrity, and availability impact on the affected system.
Microsoft has published an advisory and corresponding security update for the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21237. The current EPSS score of 0.0091 with a recorded peak of 0.0121 does not indicate a material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2304
Vulnerability details
Windows Telephony Service Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
RCE via remote network exploitation of Windows Telephony Service (buffer overflow) directly maps to T1210 (remote service exploitation) and T1203 (client execution with UI trigger).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates identification, reporting, and timely remediation of flaws such as the heap-based buffer overflow in Windows Telephony Service via patching.
Provides memory protection mechanisms like ASLR and DEP that mitigate successful exploitation of heap-based buffer overflows leading to RCE.
Requires validation of information inputs to prevent buffer overflows from malformed data targeting the Windows Telephony Service.