CVE-2025-21298

Published Jan 14, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-21298 is a critical vulnerability in Windows Object Linking and Embedding (OLE) that can lead to remote code execution. This flaw allows attackers to execute code on a victim's machine remotely, without requiring any interaction from the victim (zero-click). Exploitation can be achieved by sending a specially crafted email, often containing a malicious Rich Text Format (RTF) document, to a user of Microsoft Outlook. Simply opening or previewing the email can trigger the vulnerability. The technical root cause lies within the `ole32.dll` file, specifically in the `UtOlePresStmToContentsStm` function. A double-free error in this function, which handles embedded OLE objects within RTF files, allows for memory manipulation, enabling the execution of malicious code. Proof-of-concept exploits demonstrating memory corruption have been publicly released. This vulnerability has a CVSS score of 9.8, highlighting its severity.

Description: Windows OLE Remote Code Execution Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed

Insights

Analysis from the Intruder Security Team
Published Jan 15, 2025

CVE-2025-21298 allows attackers to execute code by sending a malicious RTF email. The exploit triggers when the email is opened or previewed in an unpatched Outlook client, requiring no user interaction beyond viewing the message. To mitigate the risk, apply Microsoft's patch immediately, or as a temporary measure, disable RTF reading and configure Outlook to display emails in plain text.

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

secure@microsoft.com: CWE-416
nvd@nist.gov: NVD-CWE-noinfo

Social media

Hype score
Not currently trending
  1. 💥 FLASH NOTICE 💥 CVE-2025-21298 is a critical zero-click vulnerability in #Windows Object Linking and Embedding (OLE) technology. #Microsoft has released patches to address this vulnerability - users are strongly advised to apply them ASAP. More: https://t.co/n5pLUO0J5r https:

    @Avertium

    14 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-21298: Critical Windows OLE Zero-Click vulnerability. Among modern cyber threats, zero-click vulnerabilities are especially dangerous because they require minimal or even zero user interaction. CVE-2025-21298 is particularly critical because a simple email…

    @freszferenc

    9 Feb 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2025-23369 2 - CVE-2025-23419 3 - CVE-2025-21298 4 - CVE-2024-21413 5 - CVE-2013-2678 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    9 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️ Another CVE SOC Alert: Windows OLE Zero-Click RCE Exploitation Detected CVE: CVE-2025-21298 Type: Malware Difficulty: Medium Event ID: 314 https://t.co/vwe2FCwf5p

    @LetsDefendIO

    8 Feb 2025

    2544 Impressions

    3 Retweets

    34 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  5. [1day1line] CVE-2025-21298: Windows OLE Double Free Vulnerability https://t.co/trGbpfViGu Hello. Today's one-line issue is CVE-2025-21298 which is Windows OLE Double Free vulnerability. The pstmContents used in the UtOlePresStmToContentsStm function of ole32.dll were released…

    @hackyboiz

    8 Feb 2025

    4012 Impressions

    25 Retweets

    63 Likes

    35 Bookmarks

    0 Replies

    0 Quotes

  6. [1day1line] CVE-2025-21298: Windows OLE Double Free Vulnerability Hello. Today's one-line issue is CVE-2025-21298 which is Windows OLE Double Free vulnerability. The pstmContents used in the UtOlePresStmToContentsStm function of ole32.dll were released twice, causing Double… ht

    @hackyboiz

    8 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Micropatches Released for Windows OLE Remote Code Execution (CVE-2025-21298) https://t.co/QTSrBHyMG4 https://t.co/Ays6R4vFXv

    @0patch

    7 Feb 2025

    550 Impressions

    4 Retweets

    7 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  8. CVE-2025-21298 is a no-click, high-risk vulnerability in Windows. Malicious RTF files can execute code remotely just by being previewed in Outlook. Get the full details and mitigation steps: https://t.co/lMXGHFuq49 #windows #Vulnerability #ZeroClick #RemoteCodeExecution https:

    @GeekFeedNet

    5 Feb 2025

    53 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  9. In January 2025, a critical security vulnerability identified as CVE-2025-21298 was disclosed, affecting Windows Object Linking and Embedding (OLE) technology. This vulnerability, with a CVSS score of 9.8, allows for remote code execution (RCE) through specially crafted… https

    @y1659rsgh

    3 Feb 2025

    7 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. CVE-2025-21298 is a no-click, high-risk vulnerability in Windows. Malicious RTF files can execute code remotely just by being previewed in Outlook. Get the full details and mitigation steps: https://t.co/3HQncnbEiP

    @offsectraining

    3 Feb 2025

    64341 Impressions

    260 Retweets

    826 Likes

    400 Bookmarks

    7 Replies

    10 Quotes

  11. 🔒 Discover #CVE-2025-21298, a critical flaw affecting Windows! 🚨 Protect your systems now with these 3 simple steps. #Exploit available #CyberSecurity #Windows #InformationSecurity https://t.co/dsrhA6ndn6

    @_F2po_

    1 Feb 2025

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🔒 Discover CVE-2025-21298, a critical flaw affecting Windows! 🚨 Protect your systems now with these 3 simple steps. #CyberSécurité #Windows #SécuritéInformatique https://t.co/95qenH7Q09

    @_F2po_

    1 Feb 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Top 5 Trending CVEs: 1 - CVE-2025-21298 2 - CVE-2025-24118 3 - CVE-2024-57727 4 - CVE-2025-24883 5 - CVE-2025-21293 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    1 Feb 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. GitHub - ynwarcs/CVE-2025-21298: Proof of concept & details for CVE-2025-21298 - https://t.co/hlMXdSIRNJ

    @piedpiper1616

    1 Feb 2025

    822 Impressions

    5 Retweets

    13 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  15. NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298

    @StreetWalker212

    1 Feb 2025

    263 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. NEW! No-Click, Critical Vulnerability in Windows! CVE-2025-21298 Learn more here! https://t.co/zCAuGWv7s1 https://t.co/ShgVPN7KBp

    @three_cube

    31 Jan 2025

    8869 Impressions

    22 Retweets

    102 Likes

    23 Bookmarks

    3 Replies

    2 Quotes

  17. A new vulnerability in Object Linking and Embedding (OLE) in Windows was recently published with the identifier CVE-2025-21298. This vulnerability is of the RCE type and is very dangerous because there is no need to run a file or click on a link. https://t.co/Poz3aKY03t https://t.co/Hu3lA7L1

    @AmirHossein_sec

    30 Jan 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Viewing RTF documents regularly in Microsoft Word or Outlook? CVE-2025-21298 allows attackers to execute code and compromise systems with minimal user interaction. More on this and 4️⃣ other vulns in The Bug Report. https://t.co/sfgB5pUvCz https://t.co/HUZRl393KP

    @TrellixARC

    30 Jan 2025

    238 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. ⚠️ OLE objects embedded within RTF files are suspicious. ⚠️ 🤔 🚨 But if the context is an email containing an attached RTF with an OLE object, it may be trying to exploit CVE-2025-21298! 🚨☠️ https://t.co/mIf3aFivVl #exploit #RCE #maldoc #CVE https://t.co/cNbBnyyVAT

    @filescan_itsec

    29 Jan 2025

    309 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  20. 🚨 Breaking: Critical Zero-Click RCE Vulnerability Discovered in Outlook (CVE-2025-21298) 🚨 A newly uncovered zero-click remote code execution (RCE) vulnerability in Microsoft Outlook could allow attackers to execute malicious code without any user interaction. This means… http

    @IntCyberDigest

    28 Jan 2025

    2149 Impressions

    3 Retweets

    21 Likes

    8 Bookmarks

    3 Replies

    0 Quotes

  21. CVE-2025-21298: Critical Vulnerability in Windows OLE That Threatens Outlook Security https://t.co/raiTezuvsm

    @Error400cl

    27 Jan 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. APT Groups in action again, started to Exploit CVE-2025-21298 by Botnet and C2-Operation IP: 185.199.109.133 MD5: 9d68678aeee52684bbe3c983222b1da3 Malware found linked IP are: CobaltStrike, Blackmoon, Mimikatz, njRAT, QuasarRAT, RedLineStealer, Lumma, and TFRv2 and v1. https://

    @byt3n33dl3

    27 Jan 2025

    184 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  23. Critical vulnerability detected in Microsoft (CVE-2025-21298). This flaw in Windows OLE technology allows remote code execution (RCE) without user interaction, affecting multiple versions of Windows. More details here: https://t.co/8gnhJ9ihGy https://t.co/

    @s2grupo

    27 Jan 2025

    124 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  24. CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability! A critical vulnerability in Windows Object Linking and Embedding (OLE) technology, which enables remote code execution (RCE) with a CVSS severity score of 9.8. Read more: https://t.co/vTN6RWA74m #cve #rce #windows

    @0xKrat0s

    27 Jan 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Top 5 Trending CVEs: 1 - CVE-2025-23006 2 - CVE-2024-50050 3 - CVE-2024-43468 4 - CVE-2025-0282 5 - CVE-2025-21298 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    27 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 💡Chinese #APT 🇨🇳 Groups started to #Exploit #CVE-2025-21298 by #Botnet C2 IP: 185.199.109.133 MD5: 9d68678aeee52684bbe3c983222b1da3 #Malware found linked IP are: #CobaltStrike, #Blackmoon, #Mimikatz, #njRAT, #QuasarRAT, #RedLineStealer #infosec #OSINT #security #china #TO

    @RakeshKrish12

    27 Jan 2025

    5734 Impressions

    26 Retweets

    78 Likes

    38 Bookmarks

    2 Replies

    0 Quotes

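  27. Beware of the Outlook Zero-Click vulnerability CVE-2025-21298: addressed in the 2025/01 monthly update https://t.co/BFZixIgjV2 An Outlook vulnerability involving OLE objects embedded in emails has reportedly been fixed. As the article also notes, this vulnerability was fixed in Patch Tuesday 2025 January… https://t.co/mFBJC4JPYa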

    @iototsecnews

    27 Jan 2025

    352 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  28. A critical zero-click vulnerability (CVE-2025-21298) in Windows OLE allows malicious code execution simply by previewing a harmful RTF email. Security experts urge immediate risk mitigation! ⚠️ #Microsoft #Windows #Malware link: https://t.co/ACkJEB7RtC https://t.co/5uAUxSJr5I

    @TweetThreatNews

    26 Jan 2025

    70 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  29. Zero-Click Outlook RCE Vulnerability (CVE-2025-21298), PoC Released https://t.co/58e31Vuh45

    @PVynckier

    26 Jan 2025

    155 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. This is a proof-of-concept for CVE-2025-21298 - Windows OLE Remote Code Execution Vulnerability (CVSS 9.8) https://t.co/3Xd2Vu8OKN https://t.co/Kmb0P5zkVb

    @secharvesterx

    26 Jan 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. An exploit for the CVE-2025-21298 vulnerability in Microsoft Outlook has been released! #Cyber_security_news #اخبار_امنیت_سایبری #CVE_2025_21298 #Microsoft_Outlook https://t.co/hbY40TyoRn

    @vulnerbyte

    25 Jan 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. There is a vulnerability CVE-2025-21298 every IT person needs to update your Windows computers right away and it has to do with Microsoft Outlook. It’s a nasty one.

    @RealDrewJones

    25 Jan 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  33. CVE-2025-21298 Exploit Code Released #CVE-2025-21298 #Microsoft #ExploitCode https://t.co/O5we5RBBSv

    @pravin_karthik

    24 Jan 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 CVE-2025-21298: Critical RCE vulnerability in Windows OLE discovered! 🛑 Attackers can execute malicious code to take control of affected systems. Don't miss out on the details & patch now! 🔒 🔗https://t.co/dJc8QcIhkE #go_to_cve #CVE #RCE #WindowsOLE #Security

    @soltanali0

    23 Jan 2025

    264 Impressions

    0 Retweets

    8 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  35. 🚨 Zero-Click Vulnerability Alert: Microsoft patched a critical zero-click RCE vulnerability in Windows OLE (CVE-2025-21298). 9.8 on CVSS and allows attackers to exploit systems with no user interaction. - Just previewing an email. Let’s break it down 🧵👇

    @mattjay

    23 Jan 2025

    103031 Impressions

    214 Retweets

    981 Likes

    547 Bookmarks

    10 Replies

    18 Quotes

  36. A critical vulnerability (CVE-2025-21298) in Windows enables remote code execution through a malicious RTF file sent via email. It impacts Windows 10, 11, and Server, with a severity score of 9.8/10 (CVSS). #CyberSecurity #InfoSec https://t.co/KEKGrrupq9

    @0x_Lady

    23 Jan 2025

    84 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    0 Quotes

  37. 🚨 #CYBER ALERT 🚨 New critical vulnerability in #Microsoft Outlook. A major flaw, tracked as CVE-2025-21298, has been discovered in #Outlook. More info in the comments 👇 https://t.co/Gu9Z7J8XAg

    @MgmSolutionsfr

    23 Jan 2025

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    3 Replies

    0 Quotes

  38. 🚨Alert🚨 CVE-2025-21298 : Windows OLE Remote Code Execution Vulnerability 🔥PoC:https://t.co/gPzMsqZM61 🧐Deep Dive : https://t.co/L4k5UbKK5q 📊 1.2M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/D4e39xFXWj 👇Query HUNTER… https://t.co/Co0

    @HunterMapping

    23 Jan 2025

    5333 Impressions

    37 Retweets

    118 Likes

    53 Bookmarks

    0 Replies

    0 Quotes

  39. #exploit 1. CVE-2024-54887: TP-Link TL-WR940N BoF - https://t.co/LJfZQYbs0m 2. CVE-2024-41570: Authenticated Havoc-Chained-RCE - https://t.co/jNOBFzBRFX 3. CVE-2025-21298: Windows OLE RCE (CVSS 9.8) - https://t.co/ILiDNHhuf8

    @ksg93rd

    22 Jan 2025

    81 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. CVE-2025-21298, a critical & easy-to-exploit #RCE vulnerability in Microsoft Outlook could cause a full system compromise. Detect exploitation attempts with a free #Sigma rule from SOC Prime Platform and check out our blog for more details. https://t.co/km2XYk0BFQ

    @SOC_Prime

    22 Jan 2025

    1247 Impressions

    5 Retweets

    7 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  41. A Deep Dive into the OLE Zero Click RCE Vulnerability: CVE-2025-21298 https://t.co/YbAvscgzt4

    @redcytadel

    22 Jan 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Critical zero-click vulnerability CVE-2025-21298 in Microsoft Outlook could allow remote code execution via crafted emails. CVSS score: 9.8. Major risks to security identified. 🌐💻 #Microsoft #RCE #Outlook link: https://t.co/MmTHk4x5sR https://t.co/CPczKkirpp

    @TweetThreatNews

    22 Jan 2025

    105 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🚨Outlook Zero-Click RCE Vulnerability (CVE-2025-21298) CVSS: 9.8🚨 Interim KQL detection for potential incident until infrastructure is fully patched. KQL Code: https://t.co/77JQvUhAqa https://t.co/4SGodUgnit

    @0x534c

    22 Jan 2025

    26380 Impressions

    78 Retweets

    314 Likes

    252 Bookmarks

    3 Replies

    1 Quote

  44. 🚨📷 Microsoft's Jan '25 Patch Tuesday fixes 161 vulns, incl. 3 actively exploited. Critical CVE-2025-21298 (OLE RCE, CVSS 9.8) also addressed. Update now! #PatchTuesday #CyberSecurity #WindowsUpdate https://t.co/zF8nwmjerQ

    @OffenseLogic

    21 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Microsoft has released a critical patch for Outlook, which allows remote code execution without user interaction. The vulnerability is numbered #CVE-2025-21298. More: https://t.co/TdR47xj965 #cyberbezpieczeństwo #Outlook #Microsoft #bezpieczeństwo https://t.co/o5X0h5wp3R

    @CyberMonitorPL

    21 Jan 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Interesting POC for CVE-2025-21298 🔥, shows how vulnerable function UtOlePresStmToContentsStm mishandles pointer, causing a 'double-free' bug, which can crash the program or let attackers run malicious code https://t.co/QtwZx7UtHT

    @GrimmAnalyst

    21 Jan 2025

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  47. CVE-2025-21298 is a reminder why we patch. RCE in OLE from emails.

    @heybr0_exe

    19 Jan 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  48. 💥 Critical alert: Outlook has a vulnerability (CVE-2025-21298) with a severity of 9.8/10. It can infect you just by opening an email or viewing it in the preview pane. 📩⚠️ 🔒 Microsoft has already released a patch. Update now to protect your computer! https://t.co/dX8gdetTcs

    @AppleX4_

    19 Jan 2025

    118 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

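  49. Microsoft warns users: Microsoft Outlook has a new "critical" vulnerability. It is very easy for hackers to use the Outlook email client to spread malware. Microsoft has released a patch for the CVE-2025-21298 use-after-free vulnerability and urges users to apply it immediately. https://t.co/BNYwDQCkG3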

    @alexwangsir

    17 Jan 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Keep calm and continue mailing, Microsoft Patches #Outlook Zero-Click: CVE-2025-21298 Exploits RCE via Emails. Stay informed about critical vulnerability (CVE-2025-21298, CVSS 9.8) in Microsoft Outlook. Great Job 🔒 https://t.co/KA0mOEsRxc

    @byt3n33dl3

    17 Jan 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations