Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
ID: d64d0f25-13c6-5c26-9763-f41ffb8d9acd
STIX ID: report--d64d0f25-13c6-5c26-9763-f41ffb8d9acd
Feed Name: The Register (Security)
Microsoft quietly mitigated CVE-2025-9491, a Windows .lnk shortcut parsing flaw long abused to hide malicious command-line arguments and enable hidden code execution. The vulnerability has been exploited since 2017 by multiple state-sponsored and criminal groups—most recently UNC6384/Mustang Panda—to deploy PlugX via obfuscated PowerShell and DLL sideloading against European diplomatic targets; Microsoft added a silent mitigation in November 2025, but many systems may remain unpatched and at risk.
