CVE-2025-21239

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 122

Summary

A remote code execution vulnerability, identified as CVE-2025-21239, has been discovered in Microsoft's Windows Telephony Service. This issue allows an attacker to exploit the service and execute malicious code on the targeted system. The flaw stems from insufficient input validation, enabling an unauthenticated attacker to send specially crafted packets to the affected Windows systems. Successful exploitation could result in significant harm, including data theft, system compromise, and potential spread of malware. Microsoft strongly encourages users to install the available patch to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share