Severity
High
Analysis Summary
CVE-2025-21237 CVSS:8.8
Microsoft Windows Telephony Service could allow a remote attacker to execute arbitrary code on the system when visiting a specially crafted Web site.
CVE-2025-21176 CVSS:8.8
Microsoft .NET, .NET Framework and Visual Studio could allow a remote attacker to execute arbitrary code on the system when visiting a specially crafted Web site.
CVE-2025-21172 CVSS:7.5
Microsoft .NET and Visual Studio could allow a remote attacker to execute arbitrary code on the system when visiting a specially crafted Web site.
CVE-2025-21239 CVSS:8.8
Microsoft Windows Telephony Service could allow a remote attacker to execute arbitrary code on the system when visiting a specially crafted Web site.
CVE-2025-21171 CVSS:7.5
Microsoft .NET could allow a remote attacker to execute arbitrary code on the system when visiting a specially crafted Web site.
Impact
- Code Execution
Indicators of Compromise
CVE
CVE-2025-21237
CVE-2025-21176
CVE-2025-21172
CVE-2025-21239
CVE-2025-21171
Affected Vendors
- Microsoft
Affected Products
- Microsoft Visual Studio 2022 version 17.10 - 17.10
- Microsoft Visual Studio 2022 version 17.6 - 17.6.0
- Microsoft Visual Studio 2022 version 17.8 - 17.8.0
- Microsoft Windows 10 Version 1809 - 10.0.17763.0
- Microsoft Windows Server 2019 - 10.0.17763.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.17763.0
- Microsoft Windows Server 2022 - 10.0.20348.0
- Microsoft Windows 10 Version 22H2 - 10.0.19045.0
- Microsoft Windows Server 2012 (Server Core installation) - 6.2.9200.0
- Microsoft Windows Server 2012 R2 - 6.3.9600.0
- Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.9600.0
- Microsoft Windows Server 2012 - 6.2.9200.0
- Microsoft Windows 10 Version 21H2 - 10.0.19043.0
- Microsoft Visual Studio 2022 version 17.12 - 17.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.