Windows News
A newly discovered vulnerability, tracked as CVE-2025-21245, has been identified in the Windows Telephony Service (TAPI), posing a severe remote code execution (RCE) risk to unpatched systems. This critical flaw affects multiple Windows versions, including Windows 10, 11, and Windows Server editions, making it a top priority for IT administrators and security teams.
What is CVE-2025-21245?
CVE-2025-21245 is a buffer overflow vulnerability in the Windows Telephony API (TAPI), which handles telephony operations such as call control and device management. Attackers can exploit this flaw by sending specially crafted network packets to a vulnerable system, potentially gaining full system control without user interaction.
Technical Details
- CVSS Score: 9.8 (Critical)
- Attack Vector: Network
- Complexity: Low
- Privileges Required: None
- User Interaction: Not required
- Affected Components:
tapisrv.dll(Telephony Service)
Affected Windows Versions
- Windows 10 (versions 1809 and later)
- Windows 11 (all versions)
- Windows Server 2019/2022
Exploit Potential
Security researchers have confirmed that:
- The vulnerability is wormable, meaning it could spread across networks automatically.
- Attackers could use it to deploy ransomware, spyware, or create botnets.
- No public exploits are currently available, but proof-of-concept code is expected soon.
Mitigation and Patches
Microsoft has released emergency updates addressing CVE-2025-21245 in the June 2025 Patch Tuesday release. Recommended actions:
- Immediately apply Windows Update KB5034855 (or later)
- If unable to patch immediately:
- Disable the Telephony Service viaservices.msc
- Block inbound TCP port 3372 at the firewall
- Enable Network Level Authentication (NLA)
# PowerShell command to disable Telephony Service
Stop-Service -Name "TapiSrv" -Force
Set-Service -Name "TapiSrv" -StartupType Disabled
Detection and Monitoring
Organizations should:
- Monitor for unusual process creation from tapisrv.dll
- Look for unexpected network connections on port 3372
- Deploy IDS/IPS rules detecting exploit patterns
Long-Term Security Implications
This vulnerability highlights:
- The risks of legacy components in modern Windows systems
- The importance of zero-trust network architectures
- Why timely patch management remains critical
Microsoft has announced plans to deprecate older TAPI components in future Windows releases, urging developers to migrate to modern communication APIs.
Frequently Asked Questions
Q: Can this be exploited over the internet?
A: Yes, if the Telephony Service is exposed to untrusted networks.
Q: Are workstations or servers more at risk?
A: Both are vulnerable, but servers may be higher-value targets.
Q: Has this been used in active attacks?
A: Not yet observed in the wild, but likely soon given the severity.
Conclusion
CVE-2025-21245 represents one of the most critical Windows vulnerabilities of 2025 due to its network-accessible, no-user-interaction exploitation scenario. All organizations should prioritize patching this vulnerability before active exploitation begins.