CVE-2025-21241

Summary

CVE-2025-21241 is a newly discovered remote code execution vulnerability affecting the Windows Telephony Service. Hackers can exploit this flaw by sending specially crafted RTP packets to a targeted system, potentially gaining control over it. Successful exploitation could lead to the installation of malware, unauthorized access, or other malicious activities. Microsoft recommends applying the available patch to mitigate the risk of attacks, as no workarounds are currently available. Organizations and individuals running unpatched Windows systems are urged to take immediate action to protect their networks from potential exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.