fkie_cve-2025-21237
Vulnerability from fkie_nvd
Published
2025-01-14 18:15
Modified
2025-01-29 23:15
Severity ?
Summary
Windows Telephony Service Remote Code Execution Vulnerability
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21237 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", matchCriteriaId: "D5C2C390-24E9-42C9-84BF-EE28670CAB30", versionEndExcluding: "10.0.10240.20890", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", matchCriteriaId: "C0B9C790-A26D-4EBD-B5CA-F0C628835A21", versionEndExcluding: "10.0.10240.20890", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", matchCriteriaId: "DE0F44E5-40C1-4BE3-BBA4-507564182682", versionEndExcluding: "10.0.14393.7699", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", matchCriteriaId: "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB", versionEndExcluding: "10.0.14393.7699", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", matchCriteriaId: "1BB028F9-A802-40C7-97BF-1D169291678F", versionEndExcluding: "10.0.17763.6775", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", matchCriteriaId: "9F077951-8177-4FEE-A49A-76E51AE48CE0", versionEndExcluding: "10.0.17763.6775", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", matchCriteriaId: "5D64D2C7-51C3-47EB-B86E-75172846F4DF", versionEndExcluding: "10.0.19044.5371", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", matchCriteriaId: "BC92CC57-B18C-43C3-8180-9A2108407433", versionEndExcluding: "10.0.19045.5371", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", matchCriteriaId: "D84EDF98-16E1-412A-9879-2C2FEF87FB2B", versionEndExcluding: "10.0.22621.4751", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", matchCriteriaId: "282E3839-E953-4B14-A860-DBACC1E99AFF", versionEndExcluding: "10.0.22631.4751", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", matchCriteriaId: "78A3F671-95DC-442A-A511-1E875DF93546", versionEndExcluding: "10.0.26100.2894", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", matchCriteriaId: "DA4426DD-B748-4CC4-AC68-88AD963E5F0C", versionEndExcluding: "10.0.14393.7699", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "8F604C79-6A12-44C9-B69D-A2E323641079", versionEndExcluding: "10.0.17763.6775", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "7B8C9C82-359E-4318-A10D-AA47CDFB38FE", versionEndExcluding: "10.0.20348.3091", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", matchCriteriaId: "E3E0C061-2DA7-4237-9607-F6792DC92DD3", versionEndExcluding: "10.0.25398.1369", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*", matchCriteriaId: "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880", versionEndExcluding: "10.0.26100.2894", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Windows Telephony Service Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Windows Telephony Service", }, ], id: "CVE-2025-21237", lastModified: "2025-01-29T23:15:25.410", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2025-01-14T18:15:36.983", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21237", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.