Remote Code Execution Vulnerability in Windows Telephony Service by Microsoft
CVE-2025-21305
8.8HIGH
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 14 January 2025
Summary
The vulnerability in Windows Telephony Service allows an attacker to execute arbitrary code on the affected system. By sending specially crafted requests, a malicious actor can exploit this weakness to gain unauthorized access and control over the system, potentially compromising sensitive data and disrupting service availability. It is crucial for organizations to promptly apply security updates to mitigate risks associated with this vulnerability.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20890
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7699
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6775
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved