No sooner has Microsoft issued an emergency security update for Windows users following attacks spotted in the wild than news breaks of another ongoing cyberattack targeting Windows. This one, however, does not have a fix as of yet. Here’s what you need to know about CVE-2025-9491.
CVE-2025-9491 Is Now Being Exploited by Attackers in the Wild — No Fix Available from Microsoft
Just as you might have thought that things were improving on the security front as far as Windows users were concerned, with new admin protections announced, and another year of free security updates for Windows 10, comes the latest hammer blow: an active and widespread cyber espionage campaign exploiting what is now a critical vulnerability, with no Microsoft security patch to fix it.
A detailed and highly technical analysis from the cybersecurity boffins at Arctic Wolf Labs has confirmed that threat actors affiliated with China are currently exploiting, in ongoing attacks, a Windows remote code execution vulnerability, CVE-2025-9491, that was first reported in March, yes, March.
The attacks appear to be targeting “European diplomatic entities in Hungary, Belgium, and additional European nations,” the analysis determined, but now that the exploit cat is out of the bag, it would not be at all surprising were this vulnerability to be used in much broader campaigns until Microsoft can fix it. So do not think that it does not concern you; it most certainly could.
The current attacks use a chain of phishing emails with an embedded URL that ultimately leads to malicious LNK files, or Windows shortcuts, being delivered to the target. The vulnerability is then exploited to execute obfuscated PowerShell commands that “extract and deploy a multi-stage malware chain,” Arctic Wolf said, “culminating in PlugX remote access trojan deployment.” At that point, the cyber damage is done.
I have approached Microsoft for a statement and will update this article as soon as I hear back, but in the meantime, with no readily available security patch to apply, Windows users are advised to block .lnk files from any untrusted source within their Windows Explorer settings.
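
An added example, not code from this article or from Arctic Wolf: a minimal triage script that reads the command-line arguments stored in a .lnk file, following the field layout in Microsoft's public MS-SHLLINK specification, and flags shortcuts whose arguments invoke PowerShell. The keyword list, the length cut-off and the function names are assumptions, and the sample shortcut is constructed in the code.

```python
import struct

# Triage heuristics: assumptions for this example, not taken from the article.
SUSPICIOUS = ("powershell", "pwsh", "-enc", "mshta")
MAX_ARGS = 260  # assumed cut-off for "unusually long" arguments
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields in file order; each is present only if its LinkFlags bit is set.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a Shell Link; ValueError if malformed."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76  # fixed-size ShellLinkHeader
    try:
        if flags & HAS_IDLIST:    # LinkTargetIDList: 2-byte size, then the list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:  # LinkInfo: 4-byte size that includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        fields = {}
        width = 2 if flags & IS_UNICODE else 1
        for bit, name in STRING_FIELDS:
            if not flags & bit:
                continue
            count = struct.unpack_from("<H", data, pos)[0]  # length in characters
            raw = data[pos + 2: pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated StringData")
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + count * width
    except struct.error as exc:
        raise ValueError("truncated Shell Link") from exc
    return fields

def triage(data: bytes) -> list:
    """List the heuristic hits for one shortcut (empty list means nothing flagged)."""
    args = parse_lnk(data).get("arguments", "")
    hits = [k for k in SUSPICIOUS if k in args.lower()]
    if len(args) > MAX_ARGS:
        hits.append("long-arguments")
    return hits

def build_sample(args: str) -> bytes:
    """Constructed sample: bare header plus an arguments string, nothing else."""
    header = (b"\x4c\0\0\0" + LNK_CLSID + struct.pack("<I", 0x20 | IS_UNICODE)).ljust(76, b"\0")
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")
```

A hit is a reason to inspect the shortcut before anyone opens it, not proof that it is malicious.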
