CVE-2025-21250
Published: 14 January 2025
Summary
CVE-2025-21250 is a high-severity heap-based buffer overflow (CWE-122) in the Windows Telephony Service, reported against Microsoft Windows 10 1507. Its CVSS 3.1 base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 20.5% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-21250 is a remote code execution vulnerability in the Windows Telephony Service, carrying a CVSS 3.1 base score of 8.8. The flaw is a heap-based buffer overflow (CWE-122) that lets a network attacker execute arbitrary code on an affected Windows system once the required conditions are met.
The attack is reachable over the network and needs no prior privileges, but it only succeeds if a user on the target performs some interaction (UI:R in the vector), so it is not a fire-and-forget remote exploit. Successful exploitation yields high impact on confidentiality, integrity, and availability of the affected host, consistent with the CVSS vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Microsoft publishes mitigation guidance and patch availability for this vulnerability through its Security Response Center advisory. The current EPSS score is 0.0122 (a 1.22% estimated probability of exploitation activity in the next 30 days), down from a recorded peak of 0.0164; it remains low and shows no material increase that would signal rising exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2316
Vulnerability details
Windows Telephony Service Remote Code Execution Vulnerability
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI-generated mapping)
- Exploitation of Remote Services (T1210)
Why these techniques?
Remote code execution in the network-reachable Windows Telephony Service maps directly to Exploitation of Remote Services (T1210).
Affected Assets
- Microsoft Windows 10 1507
Mitigating Controls (NIST 800-53 r5, AI-generated mapping)
- SI-2 (Flaw Remediation): directly requires timely patching of the specific buffer overflow in the Windows Telephony Service to prevent remote code execution.
- SI-16 (Memory Protection): provides memory protections such as ASLR and DEP that raise the cost of turning the heap overflow into reliable code execution in the service; they reduce, but do not remove, the risk.
- SI-10 (Information Input Validation): enforces validation of every peer-supplied length and field before it is used to size or fill a buffer, countering the class of heap overflow triggered by crafted content processed by the Windows Telephony Service.
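As an added illustration, not code from this page, from Microsoft, or from the Telephony Service itself (whose bug details are not published here), the following C program shows the CWE-122 pattern described under Deeper analysis and the SI-10 input-validation control listed above: a length-prefixed record parser in which the heap allocation is sized by one peer-controlled field and the copy by another, beside a hardened parser that validates each length before touching the heap. The wire format, the MAX_DATA ceiling, the function names and the test inputs are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed wire format (hypothetical, not the Telephony Service protocol):
 *   bytes 0-1  buffer_size  (LE) size the peer asks the service to allocate
 *   bytes 2-3  data_len     (LE) number of data bytes that follow
 *   bytes 4..  data
 */
#define HDR_LEN   4
#define MAX_DATA  4096   /* assumed protocol ceiling on a single record's data */

typedef struct {
    uint16_t buffer_size;
    uint16_t data_len;
    uint8_t *data;       /* heap buffer of buffer_size bytes */
} record_t;

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* VULNERABLE (CWE-122): the allocation is sized by one attacker-controlled
 * field and the copy by another. A record with buffer_size < data_len writes
 * past the end of the heap block into allocator metadata and neighbouring
 * objects. Kept only to show the defect; never feed it untrusted input. */
int parse_record_vulnerable(const uint8_t *msg, size_t msg_len, record_t *out)
{
    if (msg_len < HDR_LEN)
        return -1;
    out->buffer_size = rd16(msg);
    out->data_len    = rd16(msg + 2);
    out->data = malloc(out->buffer_size);
    if (out->data == NULL)
        return -1;
    memcpy(out->data, msg + HDR_LEN, out->data_len);  /* trusts data_len */
    return 0;
}

/* HARDENED (SI-10 style input validation): every peer-supplied length is
 * checked against the protocol ceiling, against the bytes actually received,
 * and against the buffer it will be copied into, before any heap write. */
int parse_record_safe(const uint8_t *msg, size_t msg_len, record_t *out)
{
    if (msg_len < HDR_LEN)
        return -1;                         /* header truncated */
    uint16_t buffer_size = rd16(msg);
    uint16_t data_len    = rd16(msg + 2);

    if (data_len > MAX_DATA)
        return -2;                         /* exceeds protocol ceiling */
    if ((size_t)data_len > msg_len - HDR_LEN)
        return -3;                         /* claims more data than was sent */
    if (data_len > buffer_size)
        return -4;                         /* would overflow the allocation */

    out->buffer_size = buffer_size;
    out->data_len    = data_len;
    out->data = calloc(buffer_size ? buffer_size : 1, 1);
    if (out->data == NULL)
        return -1;
    memcpy(out->data, msg + HDR_LEN, data_len);
    return 0;
}

void record_free(record_t *r)
{
    free(r->data);
    r->data = NULL;
}

/* Test helper: builds a constructed record whose data is data_len bytes of
 * 'A', truncates the message to HDR_LEN + bytes_sent (bytes_sent <= data_len),
 * runs the hardened parser on it and returns the parser's result code. */
int check_record(uint16_t buffer_size, uint16_t data_len, size_t bytes_sent)
{
    static uint8_t msg[HDR_LEN + 65535];
    if (bytes_sent > data_len)
        return -99;
    msg[0] = (uint8_t)(buffer_size & 0xff);
    msg[1] = (uint8_t)(buffer_size >> 8);
    msg[2] = (uint8_t)(data_len & 0xff);
    msg[3] = (uint8_t)(data_len >> 8);
    memset(msg + HDR_LEN, 'A', data_len);

    record_t rec = {0};
    int rc = parse_record_safe(msg, HDR_LEN + bytes_sent, &rec);
    if (rc == 0)
        record_free(&rec);
    return rc;
}

int main(void)
{
    printf("benign    (buf 64,   len 16,   sent 16):  rc=%d\n", check_record(64, 16, 16));
    printf("overflow  (buf 8,    len 256,  sent 256): rc=%d\n", check_record(8, 256, 256));
    printf("truncated (buf 64,   len 16,   sent 4):   rc=%d\n", check_record(64, 16, 4));
    printf("too big   (buf 4096, len 5000, sent 0):   rc=%d\n", check_record(4096, 5000, 0));
    return 0;
}
```

Build with `cc -Wall -fsanitize=address`. Calling parse_record_vulnerable on the buffer_size 8 / data_len 256 record makes AddressSanitizer report a heap-buffer-overflow on the memcpy; that is exactly the condition parse_record_safe rejects with -4 before allocating. The ordering of the checks matters: the ceiling and received-length checks run first so that a claimed data_len larger than the message cannot drive the memcpy past the end of the input buffer either.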