CVE-2025-21288
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2025-21288 is a new Windows COM Server Information Disclosure vulnerability that has been discovered. This issue allows attackers to obtain sensitive information from a targeted system by manipulating specially crafted COM objects. The vulnerability can lead to potential security breaches, as the leaked data could contain confidential information or credentials. Successful exploitation does not require user interaction, making this a dangerous threat to any Windows system running the affected COM component. Microsoft has released a patch to address this vulnerability, and it is recommended that all affected systems be updated promptly to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft Windows Server 2008
Affected Vendors
- Microsoft