CVE-2025-21298: Windows OLE Remote Code Execution

Score: 9.8
CRITICAL
Published: 2025-01-14Affected: Microsoft Windows (all supported versions)CWE-416 β†—

Can Windows OLE be exploited via email?

A critical use-after-free vulnerability in Windows OLE (Object Linking and Embedding). Attackers can execute arbitrary code by sending a specially crafted email or document. The vulnerability can be triggered through Outlook preview pane β€” no user interaction required beyond previewing the email.

Impact & Exploitation

Zero-click exploitation via Outlook preview. Affects all supported Windows versions. Enables complete system compromise through email delivery.

Related Resources

πŸ” Related CWE Entries

πŸ“– Security Guides

πŸ›‘οΈ Notable Vulnerabilities

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS9.8
SeverityCRITICAL
CWECWE-416
Published2025-01-14

Tags

windowsolezero-clickemail

Quick Links

Is your system affected?

Precogs AI detects Windows OLE Remote Code Execution in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2025-21298 Windows OLE Remote Code Execution don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo