Remote Code Execution Vulnerability in Windows Telephony Service by Microsoft
CVE-2025-21305

8.8HIGH

Key Information:

Summary

The vulnerability in Windows Telephony Service allows an attacker to execute arbitrary code on the affected system. By sending specially crafted requests, a malicious actor can exploit this weakness to gain unauthorized access and control over the system, potentially compromising sensitive data and disrupting service availability. It is crucial for organizations to promptly apply security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20890

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7699

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6775

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.