CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe
ID: 4d0984a6-f439-59a4-a11f-5f1b0984f9ae
STIX ID: report--4d0984a6-f439-59a4-a11f-5f1b0984f9ae
Feed Name: TrustedSec blog
A researcher discovered a local DLL sideloading vulnerability in Lenovo's TrackPoint Quick Menu. TPQMAssistant.exe, which is scheduled to run daily under the logged-in user, attempts to load hostfxr.dll from the user-writable C:\ProgramData\Lenovo\TPQM directory. By planting a malicious hostfxr.dll there, a standard user can achieve code execution that runs when an administrator later logs in, enabling potential privilege escalation. The researcher provided PoC evidence and coordinated disclosure with Lenovo PSIRT. Lenovo issued a UWP-based update, with a system update planned to remove the vulnerable Win32 scheduler.
