What is the severity of CVE-2025-21248?

CVE-2025-21248 has a severity rating that indicates it allows remote code execution, potentially leading to significant security risks.

How do I fix CVE-2025-21248?

To fix CVE-2025-21248, apply the available patches corresponding to your affected Microsoft Windows product.

What products are affected by CVE-2025-21248?

CVE-2025-21248 affects several Microsoft Windows products, including Windows 10, Windows 11, and Windows Server editions.

What is the potential impact of CVE-2025-21248?

The potential impact of CVE-2025-21248 includes unauthorized access and execution of malicious code on affected systems.

Are there workarounds available for CVE-2025-21248?

Currently, the best mitigation for CVE-2025-21248 is to apply the security updates provided by Microsoft for the affected software.

Vulnerability/
CVE-2025-21248

high

8.8

CWE

122

EPSS

0.091%

14/1/2025

21/2/2025

CVE-2025-21248: Windows Telephony Service Remote Code Execution Vulnerability

First published: Tue Jan 14 2025(Updated: )

Windows Telephony Service Remote Code Execution Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows Server 2019		fix available externally
Microsoft Windows 11	=23H2	fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows Server 2025		fix available externally
Microsoft Windows 11	=24H2	fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 11	=22H2	fix available externally
Microsoft Windows Server 2025		fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows 11	=22H2	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 11	=24H2	fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows Server 2022		fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows Server 2022		fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows 11	=23H2	fix available externally
Microsoft Windows Server 2022 23H2		fix available externally
Microsoft Windows 10 1507	<10.0.10240.20890
Microsoft Windows 10 1507	<10.0.10240.20890
Microsoft Windows 10 Version 1607 x86	<10.0.14393.7699
Microsoft Windows 10 Version 1607 x86	<10.0.14393.7699
Microsoft Windows 10 1809	<10.0.17763.6775
Microsoft Windows 10 1809	<10.0.17763.6775
Microsoft Windows 10 21h2	<10.0.19044.5371
Microsoft Windows 10 22h2	<10.0.19045.5371
Microsoft Windows 11 22h2	<10.0.22621.4751
Microsoft Windows 11 23h2	<10.0.22631.4751
Microsoft Windows 11 Home Edition	<10.0.26100.2894
Microsoft Windows Server 2016	<10.0.14393.7699
Microsoft Windows Server 2019	<10.0.17763.6775
Microsoft Windows Server 2022	<10.0.20348.3091
Microsoft Windows Server 2022 23H2	<10.0.25398.1369
Microsoft Windows Server 2025	<10.0.26100.2894

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21248

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21248 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2025-21248?
CVE-2025-21248 has a severity rating that indicates it allows remote code execution, potentially leading to significant security risks.
How do I fix CVE-2025-21248?
To fix CVE-2025-21248, apply the available patches corresponding to your affected Microsoft Windows product.
What products are affected by CVE-2025-21248?
CVE-2025-21248 affects several Microsoft Windows products, including Windows 10, Windows 11, and Windows Server editions.
What is the potential impact of CVE-2025-21248?
The potential impact of CVE-2025-21248 includes unauthorized access and execution of malicious code on affected systems.
Are there workarounds available for CVE-2025-21248?
Currently, the best mitigation for CVE-2025-21248 is to apply the security updates provided by Microsoft for the affected software.

agent/references
agent/title
agent/type
collector/msrc-cve
source/Microsoft
agent/software-canonical-lookup
agent/description
agent/first-publish-date
collector/msrc
agent/author
agent/severity
agent/weakness
agent/event
agent/source
collector/epss-latest
source/FIRST
agent/epss
agent/remedy
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
collector/mitre-cve
source/MITRE
agent/last-modified-date
vendor/microsoft
canonical/microsoft windows server 2019
canonical/microsoft windows 11
version/microsoft windows 11/23h2
canonical/microsoft windows 10
version/microsoft windows 10/21h2
canonical/microsoft windows server 2025
version/microsoft windows 11/24h2
version/microsoft windows 10/22h2
canonical/microsoft windows server 2016
version/microsoft windows 11/22h2
version/microsoft windows 10/1809
canonical/microsoft windows server 2022
version/microsoft windows 10/1607
canonical/microsoft windows server 2022 23h2
canonical/microsoft windows 10 1507
canonical/microsoft windows 10 version 1607 x86
canonical/microsoft windows 10 1809
canonical/microsoft windows 10 21h2
canonical/microsoft windows 10 22h2
canonical/microsoft windows 11 22h2
canonical/microsoft windows 11 23h2
canonical/microsoft windows 11 home edition