PT-2026-24309 · Microsoft · Windows

Christopher Paschen +1 · Published 2026-03-10 · Updated 2026-05-29 · CVE-2026-25185

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Windows (affected versions prior to March 2026 updates)

Description

An issue in Windows Shell Link Processing, specifically within the IShellLink interface, involves the exposure of sensitive information due to insufficient protection of service data. This allows an unauthorized remote attacker to perform spoofing over a network. Technical analysis indicates that specific combinations within ExtraData blocks can be used to silently coerce authentication without requiring any user interaction (zero-click).

Recommendations

Apply the March 2026 Windows Updates to resolve the issue.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2026-03040
CVE-2026-25185

Affected Products

Windows