CVE-2025-21244 is an integer overflow vulnerability classified under CWE-190 found in the Windows Telephony Service component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The vulnerability stems from improper validation of integer values used internally by the Telephony Service, which can cause an integer overflow or wraparound condition. This flaw can lead to memory corruption, enabling remote attackers to execute arbitrary code on the affected system. The vulnerability is exploitable remotely over the network without requiring privileges or prior authentication, but it does require user interaction, such as the user accepting a call or interacting with a telephony-related prompt. The CVSS v3.1 base score is 8.8, indicating high severity, with impacts on confidentiality, integrity, and availability (all rated high). The attack vector is network-based with low attack complexity and no privileges required, making it a significant threat to unpatched systems. No public exploit code or active exploitation has been reported yet. The vulnerability affects only the initial release of Windows 10 (Version 1507), which is an outdated and unsupported version, but some legacy systems may still be in use. The lack of available patches at the time of publication means mitigation relies on system upgrades or workarounds until Microsoft releases a fix.

For European organizations, this vulnerability poses a critical risk if they operate legacy Windows 10 Version 1507 systems, particularly in environments where telephony services are integral, such as call centers, telecommunications providers, or organizations using VoIP solutions integrated with Windows Telephony Service. Successful exploitation could lead to remote code execution, allowing attackers to gain full control over affected machines, steal sensitive data, disrupt services, or move laterally within networks. This could result in significant operational disruption, data breaches, and reputational damage. Given the high confidentiality, integrity, and availability impacts, critical infrastructure sectors such as finance, healthcare, and government agencies are especially vulnerable. The requirement for user interaction somewhat limits mass exploitation but targeted attacks against high-value European entities remain a concern. The absence of known exploits in the wild provides a window for proactive mitigation, but the legacy nature of the affected OS version complicates patch deployment and increases risk.

1. Immediate mitigation should focus on upgrading affected systems from Windows 10 Version 1507 to a supported and fully patched Windows version, as this version is no longer supported and lacks security updates. 2. If upgrading is not immediately feasible, organizations should restrict network access to the Telephony Service ports and protocols, using firewalls and network segmentation to limit exposure. 3. Implement strict user awareness training to reduce the risk of successful exploitation via social engineering or user interaction vectors. 4. Monitor network traffic and system logs for unusual telephony service activity or signs of exploitation attempts. 5. Deploy endpoint detection and response (EDR) solutions capable of detecting memory corruption or anomalous process behavior related to telephony services. 6. Coordinate with Microsoft for any out-of-band patches or mitigations once available. 7. Review and harden telephony-related configurations and disable unnecessary telephony features if not required. 8. Maintain an up-to-date asset inventory to identify and prioritize remediation of legacy Windows 10 Version 1507 systems.