February 13th 2025 | #dfir #letsdefend

CVE-2025-21298 is a high-severity Windows OLE vulnerability disclosed in January 2025 that has been assigned a CVSS 3.1 score of 9.8. Affected operating systems are Windows 10, 11, Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2025. It allows for remote code execution (RCE) through specially crafted emails, posing significant risks to users and organizations.