Security News

Cybersecurity news aggregator

🪟
MEDIUM Vulnerabilities Web Discovery

CVE-2025-9491

windowslnkcve-2025-9491mitre-ta0001mitre-ta0002
  • What: A vulnerability exists in Microsoft Windows' handling of .LNK files that could allow remote code execution.
  • Impact: An attacker can craft a malicious .LNK file that appears harmless but executes code in the context of the current user when opened.
Read Full Article →

CVE-2025-9491 medium Description Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. References https://www.zerodayinitiative.com/advisories/ZDI-25-148/ https://www.bleepingcomputer.com/news/microsoft/microsoft-new-windows-lnk-spoofing-issues-arent-vulnerabilities/ https://www.theregister.com/2025/12/04/microsoft_lnk_bug_fix/ https://www.securityweek.com/microsoft-silently-mitigated-exploited-lnk-vulnerability/ https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/ https://thehackernews.com/2025/12/microsoft-silently-patches-windows-lnk.html https://www.databreachtoday.com/unpatched-windows-flaw-boon-for-nation-state-hackers-a-29941 https://www.securityweek.com/chinese-apt-exploits-unpatched-windows-flaw-in-recent-attacks/ https://www.helpnetsecurity.com/2025/10/31/zdi-can-25373-cve-2025-9491-exploited-again/ https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-windows-zero-day-to-spy-on-european-diplomats/ https://thehackernews.com/2025/10/china-linked-hackers-exploit-windows.html https://arstechnica.com/security/2025/10/two-windows-vulnerabilities-one-a-0-day-are-under-active-exploitation/ https://www.theregister.com/2025/10/30/suspected_chinese_snoops_abuse_unpatched/ https://www.virustotal.com/gui/file/a55789d49c395a9b16cb56b0544266d9ecee409fa3c5fead8082f28c2aff4e76 https://msrc.microsoft.com/update-guide/advisory/ADV25258226 Details Source: Mitre , NVD Published : 2025-08-26 Updated : 2025-11-05 Risk Information CVSS v2 Base Score : 7.2 Vector : CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C Severity : High CVSS v3 Base Score : 7.8 Vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Severity : High CVSS v4 Base Score : 4.6 Vector : CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Severity : Medium EPSS EPSS : 0.00286 Vulnerability Watch Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog . Vulnerability of Interest

Related Articles

CRITICAL Microsoft Patches Widely Exploited Windows LNK Zero-Day Web Discovery HIGH Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation Web Discovery HIGH Four new reasons why Windows LNK files cannot be trusted CSO Online MEDIUM Windows shortcut weaponized in Phorpiex-linked ransomware campaign CSO Online
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn