CVE-2025-21307

CVE-2025-21307 is a Remote Code Execution vulnerability affecting the Windows Reliable Multicast Transport Driver (RMCAST). Published on January 14, 2025, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical severity and linking it to CWE-416.

The vulnerability enables remote exploitation over the network by unauthenticated attackers requiring no privileges or user interaction, with low attack complexity. Successful exploitation grants attackers remote code execution capabilities, resulting in high impacts to confidentiality, integrity, and availability.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21307 details mitigation strategies and available patches.