CVE-2025-21246
Published: 14 January 2025
Summary
CVE-2025-21246 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in the Windows Telephony Service; the affected product listed on this page is Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 23.8% of CVEs by estimated exploit likelihood, and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), i.e. applying the Microsoft security update released with the advisory, and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-21246 is a remote code execution vulnerability affecting the Windows Telephony Service. It carries a CVSS 3.1 score of 8.8 with the vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (network-reachable, low attack complexity, no privileges required, user interaction required, unchanged scope, high impact on confidentiality, integrity and availability) and is associated with CWE-122 (Heap-based Buffer Overflow) and CWE-125 (Out-of-bounds Read).
An unauthenticated attacker on the network exploits the flaw by convincing a user to take an action that causes the Telephony Service to process attacker-controlled data along the vulnerable code path; the user interaction (UI:R) is the only precondition. The result is arbitrary code execution with high impact on confidentiality, integrity, and availability of the affected system. Until the update is applied, a practitioner should confirm on exposed hosts whether the Telephony service (Windows service name TapiSrv) is running or configured to start, since the vulnerable code is only reachable while that service is up.
Microsoft publishes mitigation and patch information for this issue through its Security Response Center update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21246.
The associated EPSS score remains low, with a current value of 0.0090 (0.90% estimated probability of exploitation in the next 30 days) and a recorded peak of 0.0121.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2313
Vulnerability details
Windows Telephony Service Remote Code Execution Vulnerability (Microsoft's advisory title)
- CWE(s): CWE-122 (Heap-based Buffer Overflow), CWE-125 (Out-of-bounds Read)
Related Threats
MITRE ATT&CK Enterprise Techniques: Exploitation of Remote Services (T1210)
Why this technique?
Remote, unauthenticated network exploitation of a heap-based buffer overflow in the Windows Telephony Service for RCE maps directly to exploitation of remote services. Note the UI:R component of the vector: the victim must be induced to trigger the request, so the social-engineering step that precedes the exploit is also worth covering in detection logic.
Affected Assets: Microsoft Windows 10 1507 (as listed in the summary above)
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates the RCE vulnerability by requiring timely installation of Microsoft's fix for the heap-based buffer overflow in the Windows Telephony Service.
- SI-10 (Information Input Validation): prevents remote exploitation by validating the length and structure of network input to the telephony service before it is used for allocation, copying or indexing, which addresses the root causes (CWE-122 and CWE-125) rather than the symptom.
- SI-16 (Memory Protection): limits the consequences of a successful heap-based exploit through platform memory protections (such as DEP/NX and ASLR) that restrict code execution from data regions and modification of privileged memory regions; this reduces exploit reliability but does not remove the bug.
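To make the CWE-122/CWE-125 mechanics and the SI-10 control concrete, below is a constructed C model of a length-prefixed request parser, with the unchecked form beside the validated form. It is an added illustration, not Windows Telephony Service code and not the actual CVE-2025-21246 bug; the wire format, the field size, and the canary standing in for adjacent heap data are all assumptions.

```c
/* Constructed model of CWE-122 (heap-based buffer overflow) and CWE-125
 * (out-of-bounds read) in a length-prefixed request parser, beside the
 * input-validated form that SI-10 calls for.  Illustrative only: this is
 * not Windows Telephony Service code and not the CVE-2025-21246 bug.
 * Assumed wire format: uint16 little-endian declared_len | declared_len bytes.
 */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 16            /* fixed-size field in the heap object (assumed) */
#define CANARY   0xA5A5A5A5u   /* stand-in for whatever follows the field on the heap */

typedef struct {
    char     name[NAME_MAX];
    uint32_t canary;           /* sits right after name: overflow lands here */
} request_t;

typedef int (*parser_fn)(const uint8_t *msg, size_t msg_len, request_t *req);

static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Vulnerable: trusts the attacker-controlled length field.
 *   declared > NAME_MAX    -> writes past name      (CWE-122)
 *   declared > msg_len - 2 -> reads past the message (CWE-125) */
int parse_vulnerable(const uint8_t *msg, size_t msg_len, request_t *req)
{
    if (msg_len < 2)
        return -1;
    uint16_t declared = rd16le(msg);
    uint8_t *dst = (uint8_t *)req->name;
    const uint8_t *src = msg + 2;
    for (size_t i = 0; i < declared; i++)   /* no check against NAME_MAX or msg_len */
        dst[i] = src[i];
    return declared;
}

/* Hardened: the length is checked against what the message really contains
 * and against what the destination can hold before any byte is touched. */
int parse_hardened(const uint8_t *msg, size_t msg_len, request_t *req)
{
    if (msg_len < 2)
        return -1;                       /* header incomplete */
    uint16_t declared = rd16le(msg);
    if ((size_t)declared > msg_len - 2)
        return -2;                       /* would read past the message (CWE-125) */
    if (declared >= NAME_MAX)
        return -3;                       /* would overflow name / leave no room for NUL (CWE-122) */
    memcpy(req->name, msg + 2, declared);
    req->name[declared] = '\0';
    return declared;
}

/* Build a constructed message: length header followed by `declared` fill bytes.
 * Caller guarantees out has room for 2 + declared bytes. */
size_t make_msg(uint8_t *out, uint16_t declared, uint8_t fill)
{
    out[0] = (uint8_t)(declared & 0xff);
    out[1] = (uint8_t)(declared >> 8);
    memset(out + 2, fill, declared);
    return 2 + (size_t)declared;
}

/* Run a parser against a fresh heap object guarded by a canary.
 * Returns 1 if the canary survived, 0 if the parser wrote past the field,
 * -1 on allocation failure.  The parser's return code goes to *rc_out. */
int canary_intact_after(parser_fn parser, const uint8_t *msg, size_t msg_len, int *rc_out)
{
    request_t *req = calloc(1, sizeof *req);
    if (!req)
        return -1;
    req->canary = CANARY;
    int rc = parser(msg, msg_len, req);
    int intact = (req->canary == CANARY);
    free(req);
    if (rc_out)
        *rc_out = rc;
    return intact;
}

int main(void)
{
    uint8_t buf[64];
    int rc;
    /* Constructed attacker message: declares 20 bytes for a 16-byte field.
     * 20 == sizeof(request_t), so the overflow hits the canary but stays
     * inside the allocation, which keeps the demonstration well-defined. */
    size_t n = make_msg(buf, 20, 'A');
    int intact = canary_intact_after(parse_vulnerable, buf, n, &rc);
    printf("vulnerable: canary intact=%d rc=%d\n", intact, rc);
    intact = canary_intact_after(parse_hardened, buf, n, &rc);
    printf("hardened:   canary intact=%d rc=%d\n", intact, rc);
    /* Truncated message: declares 10 bytes but only 4 are present. */
    uint8_t trunc[6] = { 10, 0, 'C', 'C', 'C', 'C' };
    request_t req = { {0}, CANARY };
    printf("hardened on truncated input: rc=%d\n", parse_hardened(trunc, sizeof trunc, &req));
    return 0;
}
```

The two checks in parse_hardened are the whole of the SI-10 story for this bug class: one bound comes from the bytes actually received (the source side, CWE-125) and one from the destination object (the sink side, CWE-122), and a parser must enforce both before the attacker-supplied length drives any copy.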