CVE-2025-21339

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 14, 2025

CWE ID 122

Summary

CVE-2025-21339 is a remote code execution vulnerability affecting Microsoft's Windows Telephony Service. An attacker can exploit this vulnerability by sending a specially crafted request to a targeted system, resulting in the execution of arbitrary code with system privileges. Successful exploitation could lead to significant security compromises, including data theft or system takeover. Microsoft has released a patch to address this issue, and it is highly recommended that all affected systems be updated as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft Windows Server 2008

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2dxiaQ
https://www.cve.org/CVERecord?id=CVE-2025-21339
https://nvd.nist.gov/vuln/detail/CVE-2025-21339

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners