CVE-2025-9491 in Windowsالمعلومات

الملخص

بحسب MITRE • 26/08/2025

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

مسؤول

Zdi

حجز

26/08/2025

إفشاء

26/08/2025

الاعتدال

تمت الموافقة

إدخال

VDB-321474

EPSS

0.63102

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you want to use VulDB in your project?

Use the official API to access entries easily!