CVE-2025-21298

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 416

Summary

CVE-2025-21298 is a new Windows vulnerability that allows an attacker to execute arbitrary code remotely using OLE (Object Linking and Embedding). This means that malicious emails or websites can exploit this flaw to install malware on a victim's computer without their knowledge or consent. The vulnerability exists in the way Microsoft Windows handles OLE objects and can be triggered through a specially crafted attachment or link. Successful exploitation can lead to a full system compromise. Microsoft has released a security update to address this issue, and users are strongly encouraged to install it as soon as possible to protect against potential attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows 10
  • Microsoft Windows 11
  • Microsoft Windows Server 2008
  • Windows Server 2022

Affected Vendors

  • Microsoft