Impact
The vulnerability in the Host Process for Windows Tasks exposes an improper link resolution before file access, also known as link following. This flaw permits an attacker with local user privileges to craft a path that the host process incorrectly resolves and opens, enabling the escalation of programmatic privileges. The weakness is identified as CWE‑59 and allows the execution of operations with system-level rights, exposing the confidentiality, integrity, and availability of the affected system to compromise.
Affected Systems
Microsoft Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025 and its Server Core installation are impacted. The host process that manages scheduled tasks is the component that requires remediation.
Risk and Exploitability
The CVSS score of 7.8 marks this as high severity, while the EPSS score of 5% indicates a relatively low probability of exploitation under current conditions. Because the flaw requires local user context, the attack vector is most likely local. The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, confirming that exploitation is already occurring in the wild. Given the combination of high severity and verified exploitation, organizations should treat this as a priority for remediation.
OpenCVE Enrichment