CVE-2025-53145
Published: 12 August 2025
Summary
CVE-2025-53145 is a high-severity Type Confusion (CWE-843) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 4.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-53145 is a type confusion vulnerability (CWE-843) affecting Windows Message Queuing. The flaw permits an attacker to access a resource using an incompatible type, which can be leveraged to corrupt memory or alter control flow within the queuing service.
An authorized attacker with network access can exploit the issue without user interaction. Successful exploitation grants the ability to execute arbitrary code with the privileges of the affected service, resulting in full compromise of confidentiality, integrity, and availability on the target system.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53145 supplies official guidance, including available patches and recommended mitigations for the affected Windows versions.
The associated EPSS score stands at 0.2284 with no material change from its recorded peak, indicating moderate but stable exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24322
Vulnerability details
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Type confusion in MSMQ service directly enables remote code execution by an authenticated low-privileged attacker over the network.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2025-53145 by requiring timely application of vendor patches as detailed in the MSRC update guide.
Restricts or disables unnecessary functionality like Windows Message Queuing to eliminate exposure to this network-service vulnerability.
Implements memory safeguards such as DEP and ASLR that impede arbitrary code execution from type confusion exploits.