- Description
- Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_11_24h2, windows_11_25h2, windows_server_2025
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-59
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "208734FD-5175-4856-9D08-ED6CFF64AA14",
"versionEndExcluding": "10.0.26100.7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "846261D4-ECC2-4DCB-8F8F-F27F8C99F061",
"versionEndExcluding": "10.0.26100.7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "33E138A3-968B-4109-AC13-D488685F0AF2",
"versionEndExcluding": "10.0.26200.7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "CC1FE5A1-3E6E-4606-899B-BF7BF3D3DD8D",
"versionEndExcluding": "10.0.26200.7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D44880ED-E8E9-49A8-BD56-503C63D40000",
"versionEndExcluding": "10.0.26100.32230",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]