CVE-2025-21240
Published: 14 January 2025
Summary
CVE-2025-21240 is a high-severity heap-based buffer overflow (CWE-122) in the Windows Telephony Service; the affected product recorded on this page is Microsoft Windows 10 1507. Its CVSS 3.1 base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability ranks in the top 20.5% of CVEs by estimated exploit likelihood, and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations identified in this analysis are NIST SP 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-21240 is a remote code execution vulnerability affecting the Windows Telephony Service. It carries a CVSS 3.1 base score of 8.8 and is associated with CWE-122. The flaw permits an attacker to execute arbitrary code on an affected Windows system when the vulnerability is triggered.
An unauthenticated attacker can reach the flaw over the network with low attack complexity and no privileges, but only if a user interacts, for example by opening a specially crafted file or following a malicious link (AV:N/AC:L/PR:N/UI:R). Successful exploitation yields full confidentiality, integrity and availability impact (C:H/I:H/A:H) within the same security scope, which is what produces the 8.8 score. In practice this is a client-side exploitation path: the attacker needs a victim to initiate the interaction, not an exposed listening service.
Microsoft has published an advisory for CVE-2025-21240 that lists the affected builds, the available patches and remediation guidance. The EPSS score remains low, with a recorded peak of 0.0164 (1.64%) and a current value of 0.0122 (1.22%).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2307
Vulnerability details
Windows Telephony Service Remote Code Execution Vulnerability
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1203 Exploitation for Client Execution
Why these techniques?
A remote code execution flaw in a Windows service with the vector AV:N/AC:L/PR:N/UI:R is triggered by a user action on the victim host, which is the definition of client-side exploitation for arbitrary code execution.
Affected Assets
- Microsoft Windows 10 1507 (Windows Telephony Service)
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly mitigates CVE-2025-21240 by applying the fix from Microsoft's advisory for the Windows Telephony Service remote code execution vulnerability within the organisation's patch window.
- SI-16 (Memory Protection): system-wide memory protections such as ASLR and DEP raise the cost of turning the CWE-122 heap overflow in the Windows Telephony Service into reliable code execution; they are a defence-in-depth layer, not a substitute for the patch.
- RA-5 (Vulnerability Monitoring and Scanning): authenticated scanning of Windows systems identifies hosts that still lack the update for CVE-2025-21240 so that remediation can be prioritised.
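As an added example (not taken from this page or from Microsoft), the PowerShell script below turns the three controls above into host-level checks an analyst can run during triage: whether the Telephony service is reachable at all, which updates were installed on or after the advisory date, what the system DEP policy is, and whether the service has crashed recently. It assumes the Telephony Service is the Windows service named TapiSrv (the page does not name the service), and it uses the page's publication date as the cut-off for candidate updates; the exact KB number must be taken from Microsoft's advisory, which this page does not reproduce.

```powershell
# Added triage script for CVE-2025-21240 controls. Not from the original page or
# from Microsoft; assumptions are marked inline. Run in an elevated PowerShell session.

# Advisory publication date from this page. Updates installed on or after it are
# candidates for the fix; confirm the KB against Microsoft's advisory.
$AdvisoryDate = Get-Date '2025-01-14'

function Get-TelephonyExposure {
    # Assumption: the Windows Telephony Service is the service named TapiSrv
    # (display name "Telephony"). Stopped and disabled means the service code
    # cannot be reached through the service itself.
    $svc = Get-Service -Name TapiSrv -ErrorAction SilentlyContinue
    if (-not $svc) { return [pscustomobject]@{ Present = $false } }
    [pscustomobject]@{
        Present   = $true
        Status    = $svc.Status
        StartType = $svc.StartType
        Exposed   = ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled')
    }
}

function Get-PostAdvisoryHotfixes {
    # Flaw remediation check: updates registered on or after the advisory date.
    # Get-HotFix only reports updates recorded as QFEs, so compare the HotFixID
    # values with the advisory rather than treating a non-empty list as proof.
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $AdvisoryDate } |
        Select-Object HotFixID, Description, InstalledOn
}

function Get-DepPolicy {
    # SI-16 check: system-wide DEP policy from Win32_OperatingSystem.
    # DataExecutionPrevention_SupportPolicy: 0 AlwaysOff, 1 AlwaysOn,
    # 2 OptIn (client default), 3 OptOut.
    $os = Get-CimInstance Win32_OperatingSystem
    $policy = switch ($os.DataExecutionPrevention_SupportPolicy) {
        0 { 'AlwaysOff' } 1 { 'AlwaysOn' } 2 { 'OptIn' } 3 { 'OptOut' } default { 'Unknown' }
    }
    [pscustomobject]@{
        DepAvailable = $os.DataExecutionPrevention_Available
        Policy       = $policy
        Caption      = $os.Caption
        Build        = $os.BuildNumber
    }
}

function Get-TelephonyServiceCrashes {
    # Monitoring check. Assumption: a failed heap-overflow attempt terminates the
    # service host, which the Service Control Manager logs as event 7031 or 7034.
    param([int]$Days = 30)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7034
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Telephony' } |
        Select-Object TimeCreated, Id, Message
}

Write-Host '== Telephony service exposure =='
Get-TelephonyExposure | Format-List
Write-Host '== Updates installed since the advisory date =='
Get-PostAdvisoryHotfixes | Format-Table -AutoSize
Write-Host '== System DEP policy =='
Get-DepPolicy | Format-List
Write-Host '== Telephony service crashes (last 30 days) =='
Get-TelephonyServiceCrashes | Format-Table -Wrap
```

Two caveats on using the output. Disabling TapiSrv removes the service as an attack surface but also breaks components that depend on TAPI (dial-up and some VPN configurations), so treat it as a temporary compensating control, not a fix. A DEP policy of OptIn means only explicitly opted-in processes are protected; Windows service hosts are compiled with DEP and ASLR support, but the value is still worth recording in the triage ticket because an AlwaysOff policy would neutralise the SI-16 mitigation entirely.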