Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft silently patched CVE-2025-9491, a Windows Shortcut (LNK) file UI misinterpretation vulnerability with a CVSS score of 7.8/7.0 that has been actively exploited by threat actors since 2017. The flaw was addressed as part of Microsoft's November 2025 Patch Tuesday updates. The vulnerability could lead to remote code execution through malicious LNK files that misrepresent their actual target to users. Multiple threat actors have been leveraging this flaw for years before Microsoft finally addressed it. ACROS Security's 0patch reported on the silent fix by Microsoft.