CVE-2025-9491
HIGH EXPLOITEDMicrosoft Windows - RCE
Title source: llmDescription
Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.
Exploits (1)
nomisec
WORKING POC
19 stars
by Amperclock · client-side
https://github.com/Amperclock/CVE-2025-9491_POC
Scores
CVSS v3
7.8
EPSS
0.0044
EPSS Percentile
63.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2025-10-30
CWE
CWE-451
Status
published
Products (1)
microsoft/windows_11_23h2
10.0.22631.4169
Published
Aug 26, 2025
Tracked Since
Feb 18, 2026