CVE-2025-21286
Published: 14 January 2025
Summary
CVE-2025-21286 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 10.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-21286 is a remote code execution vulnerability in the Windows Telephony Service, carrying a CVSS 3.1 base score of 8.8. The flaw is associated with CWE-122 and affects the telephony component responsible for handling call and device management functions on Windows systems.
An attacker can exploit the issue over a network with low attack complexity and without authentication. Successful exploitation requires the victim to interact with attacker-supplied content; the attacker can then achieve full confidentiality, integrity, and availability impact on the affected system.
Microsoft has published an advisory for the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21286. The current EPSS score of 0.0444 has not materially increased from its recorded peak, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2351
Vulnerability details
Windows Telephony Service Remote Code Execution Vulnerability
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An RCE vulnerability in the Windows Telephony Service that is exploitable remotely over the network directly enables T1210 (Exploitation of Remote Services).
Affected Assets
- Microsoft Windows 10 1507
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly mitigates the vulnerability by requiring timely patching of the specific flaw in the Windows Telephony Service.
- SI-16 (Memory Protection): implements memory protections such as DEP and ASLR that comprehensively counter remote code execution via buffer overflows (CWE-122) in the service.
- CM-7 (Least Functionality): enforces least functionality by disabling the Windows Telephony Service where it is not needed, eliminating the attack surface for remote exploitation.