CVE-2025-21273

Q: What is the severity of CVE-2025-21273?

CVE-2025-21273 has a CVSS score of 8.8 (HIGH). This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on affected systems by sending specially crafted requests. It affects Windows systems with the Telephony Service enabled, potentially allowing attackers to gain SYSTEM privileges. Organizations running vulnerable Windows versions with telephony features are at risk.

8.8 HIGH

Remote Code Execution

📋 TL;DR

This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on affected systems by sending specially crafted requests. It affects Windows systems with the Telephony Service enabled, potentially allowing attackers to gain SYSTEM privileges. Organizations running vulnerable Windows versions with telephony features are at risk.

💻 Affected Systems

Products:

Windows Telephony Service

Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Systems with Telephony Service enabled are vulnerable. The service may not be running by default on all systems but is present in the OS.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with SYSTEM privileges, enabling lateral movement, data exfiltration, ransomware deployment, and complete control over affected systems.

🟠

Likely Case

Initial foothold leading to privilege escalation, credential harvesting, and deployment of additional malware payloads within the network.

🟢

If Mitigated

Limited impact due to network segmentation, restricted service permissions, and proper access controls preventing lateral movement.

🌐 Internet-Facing: MEDIUM - While the service may be exposed, exploitation typically requires network access to the vulnerable service port.

🏢 Internal Only: HIGH - Internal attackers or compromised systems can exploit this to move laterally across the network with elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires network access to the Telephony Service and knowledge of the vulnerability. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest Windows security updates from Microsoft

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21273

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft. 2. Restart affected systems to complete the patch installation. 3. Verify the patch is applied successfully.

🔧 Temporary Workarounds

Disable Windows Telephony Service

all

Disable the vulnerable Telephony Service if not required for business operations

sc config TapiSrv start= disabled
sc stop TapiSrv

Block Telephony Service Ports

all

Block network access to Telephony Service ports using firewall rules

netsh advfirewall firewall add rule name="Block Telephony Service" dir=in action=block protocol=TCP localport=3372,3373,3374

🧯 If You Can't Patch

Implement strict network segmentation to isolate systems with Telephony Service
Apply principle of least privilege to service accounts and restrict administrative access

🔍 How to Verify

Check if Vulnerable:

Check if Telephony Service is running: sc query TapiSrv

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history contains the security patch for CVE-2025-21273

📡 Detection & Monitoring

Log Indicators:

Unusual Telephony Service process creation
Failed authentication attempts to Telephony Service
Suspicious network connections to Telephony Service ports

Network Indicators:

Unusual traffic to TCP ports 3372, 3373, 3374
Anomalous network patterns from systems running Telephony Service

SIEM Query:

source="windows" AND (process_name="TapiSrv" OR service_name="Telephony") AND (event_type="process_creation" OR event_type="network_connection")

📊 Metadata

CVE ID: CVE-2025-21273

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-122

EPSS Score: 1.64% exploit probability (81.6th percentile)

Published: January 14, 2025

Last Updated: January 27, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21273 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft