CVE-2025-9491

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

Basic Information

CVE State: PUBLISHED
Reserved Date: August 26, 2025
Published Date: August 26, 2025
Last Updated: December 05, 2025
Vendor: Microsoft
Product: Windows

Description: Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.

CVSS Scores

CVSS v4.0

4.6 - MEDIUM

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CVSS v3.1

3.3 - LOW

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v3.0

7.0 - HIGH

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: poc
Technical Impact: partial

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:43:58 UTC)

Known Exploited Vulnerability Information

Source: CVE
Added Date: 2026-06-01 10:43:58 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel