CVE-2025-53144

High

Published: 12 August 2025

Published

12 August 2025

Modified

18 August 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0867 92.5th percentile

Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53144 is a high-severity Type Confusion (CWE-843) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the type confusion vulnerability by requiring timely identification, reporting, and correction through patching as provided by Microsoft.

CM-7 Least Functionality good match

prevent

Prevents exploitation by configuring systems to disable unnecessary functionality like Windows Message Queuing when not required, eliminating the attack surface.

SC-7 Boundary Protection partial match

prevent

Limits network exposure of the Message Queuing service by enforcing boundary protections such as firewalls to restrict remote access despite low-privilege requirements.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Type confusion in MSMQ directly enables remote code execution against a network-accessible Windows service (T1190/T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Deeper analysisAI

CVE-2025-53144 is a type confusion vulnerability (CWE-843) affecting Windows Message Queuing, a component of Microsoft Windows operating systems. It enables an authorized attacker to access resources using incompatible types, leading to remote code execution over a network. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

An attacker requires low-level privileges (PR:L) on the target system, such as those granted to a standard authenticated user, and network access to the affected Windows Message Queuing service. Exploitation does not require user interaction and can be performed remotely with low complexity, allowing the attacker to execute arbitrary code in the context of the Message Queuing service, potentially leading to full system compromise.

Microsoft's Security Response Center (MSRC) provides details on mitigation and patching in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53144, which was published on 2025-08-12. Security practitioners should consult this advisory for available patches and workarounds to address the vulnerability.

Details

CWE(s): CWE-843

Affected Products

microsoft

windows 10 1507

≤ 10.0.10240.21100 · ≤ 10.0.10240.21100

microsoft

windows 10 1607

≤ 10.0.14393.8330 · ≤ 10.0.14393.8330

microsoft

windows 10 1809

≤ 10.0.17763.7678 · ≤ 10.0.17763.7678

microsoft

windows 10 21h2

≤ 10.0.19044.6216

microsoft

windows 10 22h2

≤ 10.0.19045.6216

microsoft

windows 11 22h2

≤ 10.0.22621.5768

microsoft

windows 11 23h2

≤ 10.0.22631.5768

microsoft

windows 11 24h2

≤ 10.0.26100.4851

microsoft

windows server 2008

all versions, r2

microsoft

windows server 2012

all versions, r2

+5 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2025-53143Same product: Microsoft Windows 10 1507

CVE-2025-53145Same product: Microsoft Windows 10 1507

CVE-2025-47981Same product: Microsoft Windows 10 1507

CVE-2025-24035Same product: Microsoft Windows 10 1507

CVE-2026-20860Same product: Microsoft Windows 10 1607

CVE-2025-21250Same product: Microsoft Windows 10 1507

CVE-2025-50177Same product: Microsoft Windows 10 1507

CVE-2025-21369Same product: Microsoft Windows 10 1507

CVE-2025-21246Same product: Microsoft Windows 10 1507

CVE-2025-21406Same product: Microsoft Windows 10 1507

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53144
Vendor Advisory · secure@microsoft.com