Remote Code Execution Vulnerability in Windows Reliable Multicast Transport Driver by Microsoft
CVE-2025-21307

9.8CRITICAL

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
14 January 2025

Badges

đź“° News Worthy

Summary

The Windows Reliable Multicast Transport Driver (RMCAST) has a vulnerability that allows remote attackers to execute arbitrary code on the affected system. Exploitation of this flaw could enable an attacker to take control of the system, potentially leading to data breaches and unauthorized access. It is crucial for users of the RMCAST Driver to apply security updates promptly to mitigate the risks associated with this vulnerability.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20890

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7699

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6775

News Articles

favicon imageQualys Security Blog

How to Address CVE-2025-21307 Without a Patch Before the Weekend | Qualys Security Blog

Microsoft’s January 2025 Patch Tuesday release addresses a critical vulnerability—CVE-2025-21307—in the Windows Reliable Multicast Transport Driver (RMCAST).

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by Qualys Security Blog

  • Vulnerability published

  • Vulnerability Reserved

.