CVE-2025-21250

CVE-2025-21250 is a Remote Code Execution vulnerability in the Windows Telephony Service, a component of Microsoft Windows operating systems. Published on 2025-01-14, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-122, indicating a likely buffer overflow issue with insufficient additional details from NVD-CWE-noinfo.

The vulnerability can be exploited over the network by unauthenticated remote attackers with low complexity, but requires user interaction, such as clicking a malicious link or processing crafted content. Successful exploitation enables arbitrary code execution on the affected system under the context and privileges of the Windows Telephony Service, granting high-impact access to compromise confidentiality, integrity, and availability.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21250 provides details on available patches and mitigation recommendations, which security practitioners should apply promptly to affected Windows systems.