CVE-2025-9491 Exploited in Europe with No Microsoft Fix

01 Nov 2025

Arctic Wolf Labs reports that threat actors are exploiting CVE-2025-9491 against Microsoft Windows users in Europe. The vulnerability, first disclosed in March 2025, allows remote code execution.

Attacks on Diplomats

China-affiliated cybercriminals have targeted diplomatic entities in Hungary and Belgium, among others, using this vulnerability. Their strategy involves phishing emails with URLs leading to .lnk shortcuts, which execute obfuscated PowerShell commands.

Risk and Mitigations

The attack results in the deployment of PlugX, a remote access trojan. As a preventive measure, users should block .lnk files from unknown sources in Windows Explorer settings. Microsoft has yet to announce a patch to mitigate this risk.

  • Arctic Wolf Labs confirmed the exploitation on 2025-11-01.
  • Vulnerability allows remote code execution in Windows.
  • Targets include diplomatic entities across Europe.
  • No patch is currently available from Microsoft.
  • Blocking .lnk files advised as a temporary mitigation.
