Cyber Resilience

CVE-2025-53131

High

Published: 12 August 2025

Published
12 August 2025
Modified
19 August 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0113 78.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53131 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 21.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2025-53131 is a heap-based buffer overflow, tracked as CWE-122, in the Windows Media component. It was published on 2025-08-12 and assigned a CVSS 3.1 score of 8.8 reflecting network attack vector, low attack complexity, no required privileges, required user interaction, and high impact on confidentiality, integrity, and availability.

An unauthorized attacker can exploit the flaw over a network to execute arbitrary code. The current and peak EPSS scores are both 0.0113, indicating low exploitation probability with no material change after disclosure.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53131 addresses the vulnerability.

EU & UK References

Vulnerability details

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap buffer overflow in Windows Media enables RCE via opening a malicious file (user interaction required), directly facilitating T1204.002.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24993Same product: Microsoft Windows 10 1809
CVE-2026-20837Same product: Microsoft Windows 10 1809
CVE-2025-21180Same product: Microsoft Windows 10 1809
CVE-2025-21305Same product: Microsoft Windows 10 1809
CVE-2026-20864Same product: Microsoft Windows 10 1809
CVE-2025-21248Same product: Microsoft Windows 10 1809
CVE-2025-21241Same product: Microsoft Windows 10 1809
CVE-2025-24067Same product: Microsoft Windows 10 1809
CVE-2025-24995Same product: Microsoft Windows 10 1809
CVE-2025-21239Same product: Microsoft Windows 10 1809

Affected Assets

microsoft
windows 10 1809
≤ 10.0.17763.7678 · ≤ 10.0.17763.7678
microsoft
windows 10 21h2
≤ 10.0.19044.6216
microsoft
windows 10 22h2
≤ 10.0.19045.6216
microsoft
windows 11 22h2
≤ 10.0.22621.5768
microsoft
windows 11 23h2
≤ 10.0.22631.5768
microsoft
windows 11 24h2
≤ 10.0.26100.4851
microsoft
windows server 2019
≤ 10.0.17763.7678
microsoft
windows server 2022
≤ 10.0.20348.3989
microsoft
windows server 2022 23h2
≤ 10.0.25398.1791
microsoft
windows server 2025
≤ 10.0.26100.4851

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation through vendor patches to eliminate the heap-based buffer overflow in Windows Media, preventing arbitrary code execution.

prevent

Enforces memory protections such as ASLR and DEP to block unauthorized code execution from heap buffer overflow exploits in Windows Media.

preventdetect

Deploys malicious code protection tools to scan for and prevent execution of malicious media files exploiting the Windows Media buffer overflow.

References