CVE-2025-21244
Published: 14 January 2025
Summary
CVE-2025-21244 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 22.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21244 is a remote code execution vulnerability in the Windows Telephony Service. The affected component is the Telephony service component of Microsoft Windows, as indicated by the vulnerability title and its assignment of CWE-190 alongside an NVD-CWE-noinfo entry. It carries a CVSS 3.1 base score of 8.8.
An unauthenticated remote attacker can exploit the flaw over a network by convincing a user to perform a specific action, resulting in arbitrary code execution with high impact to confidentiality, integrity, and availability. The attack vector requires no privileges and low attack complexity once user interaction occurs.
The sole reference points to the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21244, which security practitioners should consult for official patch availability and mitigation guidance. The EPSS score remains low, with a current value of 0.0098 and a peak of 0.0176.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2311
Vulnerability details
Windows Telephony Service Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
RCE in remotely accessible Windows Telephony Service (network vector + UI:R) directly enables exploitation of remote services and client-side execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the integer overflow vulnerability in Windows Telephony Service through timely identification, testing, and application of Microsoft patches.
Implements memory safeguards like ASLR and DEP that disrupt remote code execution exploits targeting the integer overflow even if unpatched.
Restricts system to least functionality by disabling unnecessary Windows Telephony Service, eliminating exposure to remote exploitation.