Main Vulnerability Database Exploits ID:12265 - Exploit for Spoofing attack in Windows and Windows Server - CVE-2025-9491

ID:12265 - Exploit for Spoofing attack in Windows and Windows Server - CVE-2025-9491

Published: January 9, 2026

Vulnerability identifier: #VU105851

Vulnerability risk: High

CVE-ID: CVE-2025-9491

CWE-ID: CWE-451

Exploitation vector: Remote access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://github.com/Amperclock/CVE-2025-9491_POC

Vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in .lnk files. A remote attacker can hide command line arguments inside an .lnk file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

ID:12265 - Exploit for Spoofing attack in Windows and Windows Server - CVE-2025-9491

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human