
Windows users face a longstanding and actively exploited security threat that Microsoft has yet to address: the CVE-2025-9491 LNK file vulnerability, which has persisted for more than eight years. Security researchers from Arctic Wolf recently highlighted renewed attacks on this flaw, noting that hacker groups targeted diplomats across Belgium, Hungary, Italy, Serbia, and the Netherlands in late 2024. The flaw allows attackers to execute malicious code simply by tricking a user into opening a malicious LNK file, a method that has been widely used in cyber espionage campaigns.
In these latest incidents, attackers attempted to deploy Trojan malware granting remote access and full control over affected devices. Past campaigns indicate that state-backed hackers from nations including China, Iran, North Korea, and Russia have leveraged similar exploits for espionage purposes. The simplicity and reach of this attack method make it a significant risk for government and enterprise networks alike.
Microsoft has been made aware of CVE-2025-9491 through Trend ZDI’s bug bounty program, yet no patch has been released. The reasons for this inaction remain unclear, leaving systems vulnerable to continued exploitation. Security professionals are urging immediate mitigations, including blocking LNK file execution from unknown sources, while awaiting a resolution from Microsoft.

