
CVE-2025-21298 PoC — Windows OLE Remote Code Execution Vulnerability

Source
Associated Vulnerability
Title: Windows OLE Remote Code Execution Vulnerability (CVE-2025-21298)
Description: Windows OLE Remote Code Execution Vulnerability
Description
A safe CTF challenge demonstrating CVE-2025-21298 using RTF and OLE objects.
Readme
# RTF CTF Challenge - CVE-2025-21298 (Safe Demo)

This repository contains a **safe** Capture The Flag (CTF) challenge designed to demonstrate the concept of **RTF-based OLE exploits** (similar to CVE-2025-21298) **without any real malicious payload**.

## 🔍 Challenge Objective
Your goal is to extract and analyze an **RTF file** to uncover a hidden **flag** inside an embedded OLE object.


## 🔍 How to Solve the Challenge
After players receive `safe_exploit.rtf`, they can extract the OLE object using:

- Python 3 (for running oletools)

1. **oletools** (for analyzing RTF files)
   🔹 A Python toolset to inspect OLE objects in RTF and Office documents.
   🔹 Install it via pip:
   ```bash
   pip install oletools
   ```
   or
2. **rtfobj** (from oletools)
   🔹 Extracts and inspects OLE objects embedded inside RTF files.
   🔹 Usage:
   ```bash
   rtfobj ctf_cve_2025_21298.rtf
   ```
   ```bash
   rtfobj safe_exploit.rtf
   ```

The extracted data will reveal:

```
FLAG{SAFE_...}
```

This simulates how real-world CVE exploits hide payloads in OLE objects inside RTF files.
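To show what `rtfobj` does under the hood when it pulls the flag out, here is an added example (not the challenge repository's own code, and not oletools): it builds a constructed RTF document with one embedded OLE 1.0 `Package` object, locates the `\objdata` hex stream, decodes it (tolerating the line wrapping and a dangling nibble a truncated stream can leave), parses the OLE 1.0 header fields that `rtfobj` reports (version, FormatID, class name) and searches the native data for a `FLAG{...}` marker. The RTF, the class name and the demo flag `FLAG{SAFE_DEMO_ONLY}` are all constructed here; the only layout assumption is the OLE 1.0 EmbeddedObject structure from MS-OLEDS (header, then NativeDataSize and NativeData).

```python
import re
import struct

# Constructed demo flag (not the challenge's real flag).
DEMO_FLAG = b"FLAG{SAFE_DEMO_ONLY}"


def _lpstr(s: bytes) -> bytes:
    """MS-OLEDS LengthPrefixedAnsiString: 4-byte length, then NUL-terminated bytes (length 0 -> no string)."""
    return struct.pack("<I", len(s) + 1) + s + b"\x00" if s else struct.pack("<I", 0)


def build_ole1_embedded(class_name: bytes, native: bytes) -> bytes:
    """Minimal OLE 1.0 EmbeddedObject: OLEVersion, FormatID=2 (embedded), ClassName,
    TopicName, ItemName, then NativeDataSize and NativeData."""
    header = struct.pack("<II", 0x0501, 2) + _lpstr(class_name) + _lpstr(b"") + _lpstr(b"")
    return header + struct.pack("<I", len(native)) + native


def _wrap(hexstr: str, width: int = 64) -> str:
    """RTF writers line-wrap long hex streams; mimic that so the parser has to cope with it."""
    return "\n".join(hexstr[i:i + width] for i in range(0, len(hexstr), width))


# Constructed sample RTF (not the repository's ctf_cve_2025_21298.rtf).
SAMPLE_RTF = (
    "{\\rtf1\\ansi\\deff0\n"
    "{\\fonttbl{\\f0 Calibri;}}\n"
    "\\pard Nothing to see here.\\par\n"
    "{\\object\\objemb{\\*\\objclass Package}\n"
    "{\\*\\objdata\n"
    + _wrap(build_ole1_embedded(b"Package", DEMO_FLAG).hex())
    + "\n}}\n}\n"
)

OBJDATA_RE = re.compile(r"\\objdata\b([0-9A-Fa-f\s]+)")


def extract_objdata(rtf_text: str) -> list[bytes]:
    """Decode every \\objdata hex stream in the RTF text."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf_text):
        hexstr = re.sub(r"\s+", "", m.group(1))
        if len(hexstr) % 2:
            hexstr = hexstr[:-1]  # truncated stream: drop the unpaired trailing nibble
        if hexstr:
            blobs.append(bytes.fromhex(hexstr))
    return blobs


def _read_lpstr(blob: bytes, off: int) -> tuple[str, int]:
    (n,) = struct.unpack_from("<I", blob, off)
    off += 4
    s = blob[off:off + n].rstrip(b"\x00").decode("latin-1") if n else ""
    return s, off + n


def parse_ole1(blob: bytes) -> dict:
    """Parse the OLE 1.0 header; FormatID 1 = linked object, 2 = embedded object."""
    if len(blob) < 8:
        raise ValueError("objdata too short for an OLE 1.0 header")
    version, format_id = struct.unpack_from("<II", blob, 0)
    off = 8
    class_name, off = _read_lpstr(blob, off)
    topic_name, off = _read_lpstr(blob, off)
    item_name, off = _read_lpstr(blob, off)
    (size,) = struct.unpack_from("<I", blob, off)
    off += 4
    return {
        "ole_version": version,
        "format_id": format_id,
        "class_name": class_name,
        "topic_name": topic_name,
        "item_name": item_name,
        "native_data": blob[off:off + size],
    }


FLAG_RE = re.compile(rb"FLAG\{[^}]*\}")


def find_flags(data: bytes) -> list[str]:
    """Return every FLAG{...} string found in the decoded native data."""
    return [m.decode("ascii", "replace") for m in FLAG_RE.findall(data)]


def analyze_rtf(rtf_text: str) -> list[dict]:
    """Per-object summary a triage script would log: class, FormatID, payload size, flags."""
    results = []
    for blob in extract_objdata(rtf_text):
        info = parse_ole1(blob)
        results.append({
            "class_name": info["class_name"],
            "format_id": info["format_id"],
            "native_size": len(info["native_data"]),
            "flags": find_flags(info["native_data"]),
        })
    return results


if __name__ == "__main__":
    for entry in analyze_rtf(SAMPLE_RTF):
        print(entry)
```

The class name and FormatID are the two fields worth watching when triaging a real document: `Package` objects carry arbitrary files, and FormatID 1 (a linked rather than embedded object) means the document references content outside itself, which is why `rtfobj` prints both before anything else.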
File Snapshot

[4.0K] /data/pocs/872bc27714589ee2c063a2bfad7908c611a13bb3
├── [ 159] ctf_cve_2025_21298.rtf
└── [1.0K] README.md

0 directories, 2 files
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support.