Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2025-53144 · Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Severity
Important
Impact
Remote Code Execution
CVSS
8.8 base · 7.7 temporal
Release
2025-08-12
Signals
Windows Message Queuing Remote Code Execution Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely
CWE
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
FAQ / Articles
FAQ
How could an attacker exploit the vulnerability? To exploit this vulnerability, an authenticated attacker would need to send a specially crafted MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.
Windows Message Queuing Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
Windows Message Queuing Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.