CVE-2025-21406

HIGH EPSS 76.4%

Published Feb 11, 20251y ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Feb 11, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Windows Telephony Service Remote Code Execution Vulnerability

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

EPSS Exploit Probability

76.4% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

CWE-416 Use After Free Memory Safety

Vendor	Product	Version	Range
microsoft	windows_10_1507	*	<10.0.10240.20915
microsoft	windows_10_1507	*	<10.0.10240.20915
microsoft	windows_10_1607	*	<10.0.14393.7785
microsoft	windows_10_1607	*	<10.0.14393.7785
microsoft	windows_10_1809	*	<10.0.17763.6893
microsoft	windows_10_1809	*	<10.0.17763.6893
microsoft	windows_10_21h2	*	<10.0.19044.5487
microsoft	windows_10_22h2	*	<10.0.19045.5487
microsoft	windows_11_22h2	*	<10.0.22621.4890
microsoft	windows_11_23h2	*	<10.0.22631.4890
microsoft	windows_11_24h2	*	<10.0.26100.3194
microsoft	windows_server_2008	*	any
microsoft	windows_server_2008	*	any
microsoft	windows_server_2008	r2	any
microsoft	windows_server_2012	*	any
microsoft	windows_server_2012	r2	any
microsoft	windows_server_2016	*	<10.0.14393.7785
microsoft	windows_server_2019	*	<10.0.17763.6893
microsoft	windows_server_2022	*	<10.0.20348.3207
microsoft	windows_server_2022_23h2	*	<10.0.25398.1425
microsoft	windows_server_2025	*	<10.0.26100.3194

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21406

PatchVendor Advisory

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21406

PatchVendor Advisory