CVE-2025-21288

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 14, 2025
CWE ID 908

Summary

CVE-2025-21288 is a new Windows COM Server Information Disclosure vulnerability that has been discovered. This issue allows attackers to obtain sensitive information from a targeted system by manipulating specially crafted COM objects. The vulnerability can lead to potential security breaches, as the leaked data could contain confidential information or credentials. Successful exploitation does not require user interaction, making this a dangerous threat to any Windows system running the affected COM component. Microsoft has released a patch to address this vulnerability, and it is recommended that all affected systems be updated promptly to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows Server 2008

Affected Vendors

  • Microsoft