Microsoft Silently Mitigated Exploited LNK Vulnerability
securityweek
Microsoft has silently mitigated an exploited LNK vulnerability with its November 2025 security updates, Acros Security says.
Tracked as CVE-2025-9491 (CVSS score of 7.0), the security defect allowed threat actors to obfuscate the purpose of malicious LNK files by hiding code from the user’s view.
The bug was disclosed in March by Trend Micro’s Zero Day Initiative (ZDI), which warned that nearly a dozen threat actors had been exploiting it for years. In October, exploitation was still ongoing.
ZDI explained that Windows failed to display critical information that could surface malicious activity when the user inspected the properties tab of a shortcut (LNK) file.
Thus, threat actors have been using specially crafted LNK files embedding command-line arguments leading to malware execution.
As successful exploitation requires that the user manually execute the shortcut file, the attackers have been disguising them as harmless documents.
The issue was that, when ...
Copyright of this story solely belongs to securityweek.

