Search criteria
591 vulnerabilities
CVE-2025-12048 (GCVE-0-2025-12048)
Vulnerability from cvelistv5 – Published: 2025-11-12 19:19 – Updated: 2025-11-12 21:03
VLAI?
Summary
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.
Severity ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Scanner Pro |
Affected:
0 , ≤ 1.0.0.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:37:09.743050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:03:22.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Scanner Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "1.0.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:scanner_pro:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "1.0.0.4",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.\u003cbr\u003e"
}
],
"value": "An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:19:05.108Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/434326"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This product is no longer being supported. Lenovo recommends customers discontinue use of this product.\u003cbr\u003e"
}
],
"value": "This product is no longer being supported. Lenovo recommends customers discontinue use of this product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-12048",
"datePublished": "2025-11-12T19:19:05.108Z",
"dateReserved": "2025-10-21T20:07:42.113Z",
"dateUpdated": "2025-11-12T21:03:22.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12047 (GCVE-0-2025-12047)
Vulnerability from cvelistv5 – Published: 2025-11-12 19:18 – Updated: 2025-11-12 21:03
VLAI?
Summary
A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Scanner Pro |
Affected:
0 , < 1.2.7
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:37:17.874476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:03:27.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Scanner Pro",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.2.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:scanner_pro:*:*:android:*:*:*:*:*",
"versionEndExcluding": "1.2.7",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application.\u003cbr\u003e"
}
],
"value": "A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:18:57.396Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/434327"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo Scanner Pro application to version 1.2.7 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo Scanner Pro application to version 1.2.7 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-12047",
"datePublished": "2025-11-12T19:18:57.396Z",
"dateReserved": "2025-10-21T20:07:41.750Z",
"dateUpdated": "2025-11-12T21:03:27.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10495 (GCVE-0-2025-10495)
Vulnerability from cvelistv5 – Published: 2025-11-12 19:18 – Updated: 2025-11-13 04:55
VLAI?
Summary
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | App Store |
Affected:
0 , < 9.0.2530.1027
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T04:55:37.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Store",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.2530.1027",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.140.9262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Browser",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.6.9111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legion Zone",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.0.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2530.1027",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.140.9262",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6.9111",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:legion_zone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. \u003cbr\u003e"
}
],
"value": "A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:18:44.859Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/434328"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo App Store Client to version 9.0.2530.1027 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo App Store Client to version 9.0.2530.1027 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo PC Manager to version 5.1.140.9262 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo PC Manager to version 5.1.140.9262 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo Browser Client to version 9.0.6.9111 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo Browser Client to version 9.0.6.9111 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Legion Zone Client to version 2.0.21 or later.\u003cbr\u003e"
}
],
"value": "Update Legion Zone Client to version 2.0.21 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-10495",
"datePublished": "2025-11-12T19:18:44.859Z",
"dateReserved": "2025-09-15T19:25:35.895Z",
"dateUpdated": "2025-11-13T04:55:37.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8485 (GCVE-0-2025-8485)
Vulnerability from cvelistv5 – Published: 2025-11-12 19:18 – Updated: 2025-11-12 21:03
VLAI?
Summary
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Credits
Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:37:35.285150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:03:39.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Store",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.2530.1027",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2530.1027",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application."
}
],
"value": "An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:18:28.696Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/434329"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo App Store Client to version 9.0.2530.1027 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo App Store Client to version 9.0.2530.1027 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-8485",
"datePublished": "2025-11-12T19:18:28.696Z",
"dateReserved": "2025-08-01T19:34:14.601Z",
"dateUpdated": "2025-11-12T21:03:39.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8421 (GCVE-0-2025-8421)
Vulnerability from cvelistv5 – Published: 2025-11-12 19:17 – Updated: 2025-11-12 21:03
VLAI?
Summary
An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges.
Severity ?
6.6 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Dock Manager |
Affected:
0 , < 1.6.5.2
(custom)
|
Credits
Lenovo thanks Sheikh Rishad for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:42:25.382658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:03:45.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dock Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.6.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:dock_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.5.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Sheikh Rishad for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges."
}
],
"value": "An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:17:59.562Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-198729"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo Dock Manager to version 1.5.2.5 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo Dock Manager to version 1.5.2.5 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-8421",
"datePublished": "2025-11-12T19:17:59.562Z",
"dateReserved": "2025-07-31T14:54:50.461Z",
"dateUpdated": "2025-11-12T21:03:45.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11193 (GCVE-0-2025-11193)
Vulnerability from cvelistv5 – Published: 2025-11-03 21:40 – Updated: 2025-11-03 21:47
VLAI?
Summary
A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.
Severity ?
5.5 (Medium)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Tab M11 TB330FU TB330XU |
Affected:
0 , < TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011
(custom)
Affected: 0 , < TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011 (custom) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lenovo thanks Tim Schumacher for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T21:47:43.211390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:52.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tab M11 TB330FU TB330XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 TB330FU TB330FUP TB330XU TB330XUP",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Idea Tab Pro TB373FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.04.184",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab WiFi 5G",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.457",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K9 TB305FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.069",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K9 TB305XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.065",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab Plus TB520FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.12.203",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M8 4th Gen 2024 TB301FU TB301XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB300FU_USR_S101112_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB300XU_USR_S101103_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab Extreme TB570ZU TB570FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.104",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M10 5G TB360ZU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "16.0.783",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M8 4th Gen TB300FU TB300XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB300FU_USR_S101112_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB300XU_USR_S101103_250919_MP1V1111_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab M9 TB310FU TB310XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB310FU_USR_S000912_2510022135_mp1V969_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB310XU_USR_S000913_2510021921_mp1V969_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab P11 2nd Gen TB350XU TB350FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB350XU_USER_S230920_2508120308_MP_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB350FU_USER_S230917_2508090248_MP_ROW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab P12 TB370FU TB372FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "TB370FU_ROW_OPEN_USER_V5_V_ZUI_17.0.187_ST_250817",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "TB372FC_ROW_OPEN_USER_V5_V_ZUI_17.0.116_ST_250822",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab WIFI",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.30.303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 Plus LTE TB352FU TB352XU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.213",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab K11 Plus WIFI TB352FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.213",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Yoga Tab Plus TB520FU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.5.10.035",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Tab One TB305FUXU",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "17.0.10.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m11_tb330fu_tb330xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb330fu_row_open_user_v5_v_zui_17.0.274_st_251011",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_m11_tb330fu_tb330xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb330xu_row_open_user_v5_v_zui_17.0.235_st_251011",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k11_tb330fu_tb330fup_tb330xu_tb330xup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb330fu_row_open_user_v5_v_zui_17.0.274_st_251011",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_k11_tb330fu_tb330fup_tb330xu_tb330xup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb330xu_row_open_user_v5_v_zui_17.0.235_st_251011",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:idea_tab_pro_tb373fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.04.184",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_wifi_5g:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.457",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k9_tb305fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.069",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k9_tb305xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.065",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_plus_tb520fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.12.203",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m8_4th_gen_2024_tb301fu_tb301xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300fu_usr_s101112_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_m8_4th_gen_2024_tb301fu_tb301xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300xu_usr_s101103_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_extreme_tb570zu_tb570fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.104",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m10_5g_tb360zu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.783",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m8_4th_gen_tb300fu_tb300xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300fu_usr_s101112_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_m8_4th_gen_tb300fu_tb300xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb300xu_usr_s101103_250919_mp1v1111_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_m9_tb310fu_tb310xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb310fu_usr_s000912_2510022135_mp1v969_row",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_m9_tb310fu_tb310xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb310xu_usr_s000913_2510021921_mp1v969_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_p11_2nd_gen_tb350xu_tb350fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb350xu_user_s230920_2508120308_mp_row",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_p11_2nd_gen_tb350xu_tb350fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb350fu_user_s230917_2508090248_mp_row",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_p12_tb370fu_tb372fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb370fu_row_open_user_v5_v_zui_17.0.187_st_250817",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:tab_p12_tb370fu_tb372fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "tb372fc_row_open_user_v5_v_zui_17.0.116_st_250822",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_wifi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.30.303",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k11_plus_lte_tb352fu_tb352xu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.213",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_k11_plus_wifi_tb352fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.213",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:yoga_tab_plus_tb520fu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.5.10.035",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:tab_one_tb305fuxu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.10.107",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Tim Schumacher for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.\u003c/span\u003e"
}
],
"value": "A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T21:40:32.038Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-202383"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate to the version (or newer) indicated for your model in the Product Impact section in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-202383\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-202383\u003c/a\u003e\u003c/p\u003e\u003cp\u003eSee details on updating your Lenovo Android device \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pcsupport.lenovo.com/us/en/solutions/ht117027\"\u003ehere\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-202383 \n\nSee details on updating your Lenovo Android device here https://pcsupport.lenovo.com/us/en/solutions/ht117027 ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-11193",
"datePublished": "2025-11-03T21:40:32.038Z",
"dateReserved": "2025-09-30T16:21:23.339Z",
"dateUpdated": "2025-11-03T21:47:52.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10699 (GCVE-0-2025-10699)
Vulnerability from cvelistv5 – Published: 2025-10-15 14:25 – Updated: 2025-10-16 19:58
VLAI?
Summary
A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | LeCloud Client |
Affected:
0 , ≤ 2.501.25.0
(custom)
|
Credits
Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T19:58:11.463992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:58:26.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LeCloud Client",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "2.501.25.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:lecloud_client:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.501.25.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.\u003c/span\u003e"
}
],
"value": "A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T14:25:54.914Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/432379"
},
{
"url": "https://lecloud.lenovo.com/index"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis product is no longer being supported. Lenovo recommends customers discontinue use of this product.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "This product is no longer being supported. Lenovo recommends customers discontinue use of this product."
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-10699",
"datePublished": "2025-10-15T14:25:54.914Z",
"dateReserved": "2025-09-18T17:33:03.921Z",
"dateUpdated": "2025-10-16T19:58:26.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10581 (GCVE-0-2025-10581)
Vulnerability from cvelistv5 – Published: 2025-10-15 14:25 – Updated: 2025-10-16 03:56
VLAI?
Summary
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | PC Manager |
Affected:
0 , < 5.1.140.9262
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:51.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.140.9262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.140.9262",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.\u003c/span\u003e"
}
],
"value": "A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T14:25:49.015Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/432378"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo PC Manager to version 5.1.140.9262 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo PC Manager to version 5.1.140.9262 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-10581",
"datePublished": "2025-10-15T14:25:49.015Z",
"dateReserved": "2025-09-16T19:59:11.762Z",
"dateUpdated": "2025-10-16T03:56:51.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9548 (GCVE-0-2025-9548)
Vulnerability from cvelistv5 – Published: 2025-10-15 14:25 – Updated: 2025-10-16 19:57
VLAI?
Summary
A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.
Severity ?
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Power Management Driver |
Affected:
0 , < 1.69.70.0
(custom)
|
Credits
Lenovo thanks Sam Dalgleish for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T19:56:52.354318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:57:38.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Power Management Driver",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.69.70.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:power_management_driver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.69.70.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Sam Dalgleish for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error. \u003c/span\u003e"
}
],
"value": "A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T14:25:42.495Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-203293"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to the version (or newer) indicated in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-203293\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-203293\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to the version (or newer) indicated in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-203293"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-9548",
"datePublished": "2025-10-15T14:25:42.495Z",
"dateReserved": "2025-08-27T15:48:26.608Z",
"dateUpdated": "2025-10-16T19:57:38.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8486 (GCVE-0-2025-8486)
Vulnerability from cvelistv5 – Published: 2025-10-15 14:25 – Updated: 2025-10-16 19:56
VLAI?
Summary
A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
Severity ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | PC Manager |
Affected:
0 , < 5.1.140.9262
(custom)
|
Credits
Lenovo thanks CNVD for reporting CVE-2025-8486.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T03:56:52.346018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:56:04.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.140.9262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.140.9262",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks CNVD for reporting CVE-2025-8486."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges. \u003c/span\u003e"
}
],
"value": "A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T14:25:36.182Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/432378"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo PC Manager to version 5.1.140.9262 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo PC Manager to version 5.1.140.9262 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-8486",
"datePublished": "2025-10-15T14:25:36.182Z",
"dateReserved": "2025-08-01T19:34:15.049Z",
"dateUpdated": "2025-10-16T19:56:04.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6026 (GCVE-0-2025-6026)
Vulnerability from cvelistv5 – Published: 2025-10-15 14:25 – Updated: 2025-10-21 12:22
VLAI?
Summary
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Universal Device Client |
Affected:
0 , < 25.7.0.21
(custom)
|
Credits
Lenovo thanks Tomi Koski from Visma / Red Team for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T19:52:11.006758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T19:52:29.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Universal Device Client",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "25.7.0.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:universal_device_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.7.0.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Tomi Koski from Visma / Red Team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.\u003c/span\u003e"
}
],
"value": "An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T12:22:42.749Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-198727"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo UDC to version 25.7.0.21 (or newer).\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo UDC is updated automatically through Windows Update.\u003c/span\u003e\n\n\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update Lenovo UDC to version 25.7.0.21 (or newer).\u00a0\n\nLenovo UDC is updated automatically through Windows Update."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-6026",
"datePublished": "2025-10-15T14:25:29.294Z",
"dateReserved": "2025-06-12T12:28:13.697Z",
"dateUpdated": "2025-10-21T12:22:42.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8061 (GCVE-0-2025-8061)
Vulnerability from cvelistv5 – Published: 2025-09-11 18:34 – Updated: 2025-09-22 15:48
VLAI?
Summary
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.
Severity ?
CWE
- CWE-782 - Exposed IOCTL with Insufficient Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Dispatcher 3.0 Driver |
Affected:
0 , < 3.1.0.41
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks YiShun Zeng and Luis Casvella of Quarkslab for independently reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T18:54:27.451797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T18:54:41.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dispatcher 3.0 Driver",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.1.0.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dispatcher 3.1 Driver",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.1.0.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:dispatcher_3.0_driver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.0.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:dispatcher_3.1_driver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.0.41",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks YiShun Zeng and Luis Casvella of Quarkslab for independently reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.\u003c/span\u003e"
}
],
"value": "A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782: Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T15:48:36.752Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-200860"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate\u0026nbsp;to the version (or newer) indicated for your model in the Product Impact section in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-200860\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-200860\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update\u00c2\u00a0to the version (or newer) indicated for your model in the Product Impact section in the advisory:\u00c2\u00a0 https://support.lenovo.com/us/en/product_security/LEN-200860"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-8061",
"datePublished": "2025-09-11T18:34:52.421Z",
"dateReserved": "2025-07-22T20:46:17.396Z",
"dateUpdated": "2025-09-22T15:48:36.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8557 (GCVE-0-2025-8557)
Vulnerability from cvelistv5 – Published: 2025-09-11 18:34 – Updated: 2025-09-11 18:56
VLAI?
Summary
An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability:
An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate communication channel which could allow the attacker, under certain conditions, to directly interact with backend LXCO API services typically inaccessible to users. While access controls may limit the scope of interaction, this could result in unauthorized access to internal functionality or data. This issue is not exploitable from remote networks.
Severity ?
CWE
- CWE-420 - Unprotected Alternate Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | XClarity Orchestrator (LXCO) |
Affected:
0 , < 2.2.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T18:55:39.986515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T18:56:07.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XClarity Orchestrator (LXCO)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_orchestrator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability:\u003c/p\u003e\u003cp\u003eAn attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate communication channel which could allow the attacker, under certain conditions, to directly interact with backend LXCO API services typically inaccessible to users. While access controls may limit the scope of interaction, this could result in unauthorized access to internal functionality or data. This issue is not exploitable from remote networks.\u003c/p\u003e"
}
],
"value": "An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability:\n\nAn attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate communication channel which could allow the attacker, under certain conditions, to directly interact with backend LXCO API services typically inaccessible to users. While access controls may limit the scope of interaction, this could result in unauthorized access to internal functionality or data. This issue is not exploitable from remote networks."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420: Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T18:34:27.875Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-201014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update\u0026nbsp;Lenovo XClarity Orchestrator (LXCO) to version 2.2.0 or higher.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Update\u00c2\u00a0Lenovo XClarity Orchestrator (LXCO) to version 2.2.0 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-8557",
"datePublished": "2025-09-11T18:34:27.875Z",
"dateReserved": "2025-08-04T14:09:18.816Z",
"dateUpdated": "2025-09-11T18:56:07.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9214 (GCVE-0-2025-9214)
Vulnerability from cvelistv5 – Published: 2025-09-11 18:33 – Updated: 2025-09-11 18:59
VLAI?
Summary
A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.
Severity ?
5.4 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | LJ2206W Printer |
Affected:
0 , < Ver.D(1.05)
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lenovo thanks CNVD for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T18:59:08.155073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T18:59:36.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LJ2206W Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.D(1.05)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7206W Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7216NWA Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7256WHF Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.F",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LJ2655DN Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.E(1.06)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7615DNA",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7626DNA Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7628DNA Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.D",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7455DNF Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7675DXF Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7685DXF Printer",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M7686DXF",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Ver.E",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:lj2206w_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "d_1.05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7206w_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "f",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7216nwa_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "f",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7256whf_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "f",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:lj2655dn_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e_1.06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7615dna_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7626dna_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7628dna_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "d",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7455DNF_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7675dxf_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7685dxf_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:m7686dxf_printer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "e",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks CNVD for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.\u003c/span\u003e"
}
],
"value": "A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T18:33:37.362Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/431734"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade to the version (or newer) indicated in the Product Impact section below.\u003c/p\u003e\u003cp\u003eApplicable product updates for all affected products can be downloaded from the following link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.lenovoimage.com/index.php/services/servers_drivers?baseclass=0\u0026amp;cat_id=2\"\u003ehere\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Upgrade to the version (or newer) indicated in the Product Impact section below.\n\nApplicable product updates for all affected products can be downloaded from the following link: here https://www.lenovoimage.com/index.php/services/servers_drivers"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-9214",
"datePublished": "2025-09-11T18:33:37.362Z",
"dateReserved": "2025-08-19T19:47:09.027Z",
"dateUpdated": "2025-09-11T18:59:36.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9319 (GCVE-0-2025-9319)
Vulnerability from cvelistv5 – Published: 2025-09-11 18:33 – Updated: 2025-09-11 19:07
VLAI?
Summary
A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions.
Severity ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Wallpaper Client |
Affected:
0 , ≤ 3.0.70.3301
(custom)
|
Credits
Lenovo thanks Wan Jie from Huazhong University of Science and Technology for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T19:07:49.859220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T19:07:57.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wallpaper Client",
"vendor": "Lenovo",
"versions": [
{
"lessThanOrEqual": "3.0.70.3301",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:wallpaper_client:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0.70.3301",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wan Jie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions.\u003c/span\u003e"
}
],
"value": "A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T19:00:55.312Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/431733"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo has ended support for Lenovo Wallpaper Client and recommends discontinuation of use.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Lenovo has ended support for Lenovo Wallpaper Client and recommends discontinuation of use."
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-9319",
"datePublished": "2025-09-11T18:33:02.108Z",
"dateReserved": "2025-08-21T17:47:26.640Z",
"dateUpdated": "2025-09-11T19:07:57.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9201 (GCVE-0-2025-9201)
Vulnerability from cvelistv5 – Published: 2025-09-11 18:32 – Updated: 2025-09-11 19:10
VLAI?
Summary
A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T19:10:35.116279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T19:10:40.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Browser",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.6.8111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6.8111",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges.\u003c/span\u003e"
}
],
"value": "A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T18:32:24.102Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/431735"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Browser to version 9.0.6.8111 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Browser to version 9.0.6.8111 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-9201",
"datePublished": "2025-09-11T18:32:24.102Z",
"dateReserved": "2025-08-19T17:36:15.108Z",
"dateUpdated": "2025-09-11T19:10:40.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8098 (GCVE-0-2025-8098)
Vulnerability from cvelistv5 – Published: 2025-08-18 20:05 – Updated: 2025-08-20 03:56
VLAI?
Summary
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | PC Manager |
Affected:
0 , < 5.1.120.7041
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T03:56:02.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.120.7041",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.120.7041",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.\u003c/span\u003e"
}
],
"value": "An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T20:05:41.030Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/430658"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo PC Manager to version 5.1.120.7041 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo PC Manager to version 5.1.120.7041 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-8098",
"datePublished": "2025-08-18T20:05:41.030Z",
"dateReserved": "2025-07-23T18:34:57.912Z",
"dateUpdated": "2025-08-20T03:56:02.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4371 (GCVE-0-2025-4371)
Vulnerability from cvelistv5 – Published: 2025-08-18 20:04 – Updated: 2025-08-19 13:01
VLAI?
Summary
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.
Severity ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | 510 FHD Webcam |
Affected:
0 , < 4.8.0
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Mickey Shkatov and Jesse Michael of Eclypsium for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T13:00:54.117524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:01:02.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "510 FHD Webcam",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Performance FHD Webcam",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:510_fhd_webcam:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:performance_fhd_webcam:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Mickey Shkatov and Jesse Michael of Eclypsium for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device \u003c/span\u003eover a USB connection."
}
],
"value": "A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T20:04:19.300Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-194466"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate your web camera by downloading and running versio\u003c/span\u003en 4.8.0\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;of the firmware update tool:\u003c/span\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/accessories/acc500235-lenovo-510-fhd-webcam-overview-and-service-parts\"\u003ehttps://support.lenovo.com/us/en/accessories/acc500235-lenovo-510-fhd-webcam-overview-and-service-parts\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update your web camera by downloading and running version 4.8.0\u00c2\u00a0of the firmware update tool:\n https://support.lenovo.com/us/en/accessories/acc500235-lenovo-510-fhd-webcam-overview-and-service-parts"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-4371",
"datePublished": "2025-08-18T20:04:19.300Z",
"dateReserved": "2025-05-05T19:55:25.838Z",
"dateUpdated": "2025-08-19T13:01:02.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4657 (GCVE-0-2025-4657)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:22 – Updated: 2025-07-17 20:05
VLAI?
Summary
A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Credits
Lenovo thanks Gareth Evans of Kryc for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:05:25.450525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:05:36.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.110.5082",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Browser",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.6.5061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "App Store",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.2230.0617",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.110.5082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6.5061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2230.0617",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Gareth Evans of Kryc for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code.\u003c/span\u003e"
}
],
"value": "A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:22:28.459Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/430155"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo PC Manager to version 5.1.110.5082 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo PC Manager to version 5.1.110.5082 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Browser to version 9.0.6.5061 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Browser to version 9.0.6.5061 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo App Store to version \u003c/span\u003e9.0.2230.0617 \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eor later. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo App Store to version 9.0.2230.0617 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-4657",
"datePublished": "2025-07-17T19:22:28.459Z",
"dateReserved": "2025-05-13T15:36:36.096Z",
"dateUpdated": "2025-07-17T20:05:36.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6249 (GCVE-0-2025-6249)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:20 – Updated: 2025-07-17 20:06
VLAI?
Summary
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.
Severity ?
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | FileZ Client |
Affected:
0 , < 11.1.0.14
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:06:15.490526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:06:40.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FileZ Client",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "11.1.0.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:filez_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.0.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAn authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:20:01.009Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://www.filez.com/securityPolicy/3.html?1751965890"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate FileZ client to version 11.1.0.14 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update FileZ client to version 11.1.0.14 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-6249",
"datePublished": "2025-07-17T19:20:01.009Z",
"dateReserved": "2025-06-18T18:33:46.433Z",
"dateUpdated": "2025-07-17T20:06:40.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6248 (GCVE-0-2025-6248)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:19 – Updated: 2025-07-17 20:08
VLAI?
Summary
A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:07:51.896936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:08:01.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Browser",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:browser:*:*:*:*:*:*:*:*",
"versionStartIncluding": "N/A",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content.\u003c/span\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:19:52.864Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/430154"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerable Lenovo Browser component was updated automatically. No user action is required. \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The vulnerable Lenovo Browser component was updated automatically. No user action is required."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-6248",
"datePublished": "2025-07-17T19:19:52.864Z",
"dateReserved": "2025-06-18T18:33:45.443Z",
"dateUpdated": "2025-07-17T20:08:01.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6232 (GCVE-0-2025-6232)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:19 – Updated: 2025-07-17 20:12
VLAI?
Summary
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Vantage |
Affected:
0 , < 10.2501.20.0
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Bryan Alexander of Atredis Partners for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:12:44.873948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:12:52.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "10.2501.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Commercial Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "20.2506.39.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2501.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:commercial_vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.2506.39.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Bryan Alexander of Atredis Partners for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.\u003c/span\u003e"
}
],
"value": "An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:19:32.565Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-196648"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Vantage to version 10.2501.20.0 (or newer).\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Vantage to version 10.2501.20.0 (or newer)."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo Commercial Vantage to version 20.2506.39.0 (or newer).\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo Commercial Vantage to version 20.2506.39.0 (or newer)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-6232",
"datePublished": "2025-07-17T19:19:32.565Z",
"dateReserved": "2025-06-18T13:04:06.567Z",
"dateUpdated": "2025-07-17T20:12:52.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6231 (GCVE-0-2025-6231)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:19 – Updated: 2025-07-17 20:12
VLAI?
Summary
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Vantage |
Affected:
0 , < 10.2501.20.0
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Bryan Alexander of Atredis Partners for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:12:21.384683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:12:27.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "10.2501.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Commercial Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "20.2506.39.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2501.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:commercial_vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.2506.39.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Bryan Alexander of Atredis Partners for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.\u003c/span\u003e"
}
],
"value": "An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:19:23.288Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-196648"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Vantage to version 10.2501.20.0 (or newer).\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Vantage to version 10.2501.20.0 (or newer)."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Commercial Vantage to version 20.2506.39.0 (or newer).\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Commercial Vantage to version 20.2506.39.0 (or newer)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-6231",
"datePublished": "2025-07-17T19:19:23.288Z",
"dateReserved": "2025-06-18T13:04:05.813Z",
"dateUpdated": "2025-07-17T20:12:27.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6230 (GCVE-0-2025-6230)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:19 – Updated: 2025-08-18 20:14
VLAI?
Summary
A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.
Severity ?
5.3 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | Vantage |
Affected:
0 , < 10.2501.20.0
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Bryan Alexander of Atredis Partners for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:11:47.510566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:11:54.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "10.2501.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Commercial Vantage",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "20.2506.39.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2501.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:commercial_vantage:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.2506.39.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Bryan Alexander of Atredis Partners for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.\u003c/span\u003e"
}
],
"value": "A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T20:14:24.458Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-196648"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Vantage to version 10.2501.20.0 (or newer).\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Vantage to version 10.2501.20.0 (or newer)."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo Commercial Vantage to version 20.2506.39.0 (or newer).\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo Commercial Vantage to version 20.2506.39.0 (or newer)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-6230",
"datePublished": "2025-07-17T19:19:12.097Z",
"dateReserved": "2025-06-18T13:04:05.038Z",
"dateUpdated": "2025-08-18T20:14:24.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2818 (GCVE-0-2025-2818)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:17 – Updated: 2025-07-17 20:11
VLAI?
Summary
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect.
Severity ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Motorola | Smart Connect Android Application |
Affected:
0 , < 08.0.1.011.0
(custom)
|
Credits
Motorola/Lenovo thanks MS. Candidate Bai Xingyu, Ph.D. Candidate Liu Xiaofeng, Ph.D. Candidate Song Xiangpu, Prof. Hu Chengyu, Prof. Guo Shanqing from Shandong University for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:11:21.730503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:11:30.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart Connect Android Application",
"vendor": "Motorola",
"versions": [
{
"lessThan": "08.0.1.011.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:motorola:smart_connect:*:*:*:*:*:android:*:*",
"versionEndExcluding": "08.0.1.011.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Motorola/Lenovo thanks MS. Candidate Bai Xingyu, Ph.D. Candidate Liu Xiaofeng, Ph.D. Candidate Song Xiangpu, Prof. Hu Chengyu, Prof. Guo Shanqing from Shandong University for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect. \u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred to a device not paired in Smart Connect."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:17:51.443Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/186727"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-188742"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Motorola Smart Connect Android Application to version 08.0.1.011.0 (or newer).\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Motorola Smart Connect Android Application to version 08.0.1.011.0 (or newer)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-2818",
"datePublished": "2025-07-17T19:17:51.443Z",
"dateReserved": "2025-03-26T14:25:01.182Z",
"dateUpdated": "2025-07-17T20:11:30.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1729 (GCVE-0-2025-1729)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:17 – Updated: 2025-07-17 20:10
VLAI?
Summary
A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges.
Severity ?
6.7 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | TrackPoint Quick Menu |
Affected:
0 , < 1.12.54.0
(custom)
|
Credits
Lenovo thanks Oddvar Moe of TrustedSec for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:10:32.991569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:10:45.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TrackPoint Quick Menu",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.12.54.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:trackpoint_quick_menu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12.54.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Oddvar Moe of TrustedSec for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. \u003c/span\u003e"
}
],
"value": "A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:17:11.439Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-189489"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate TrackPoint Quick Menu software to version 1.12.54.0:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-189489\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-189489\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update TrackPoint Quick Menu software to version 1.12.54.0:\u00c2\u00a0 https://support.lenovo.com/us/en/product_security/LEN-189489"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-1729",
"datePublished": "2025-07-17T19:17:11.439Z",
"dateReserved": "2025-02-26T21:24:19.874Z",
"dateUpdated": "2025-07-17T20:10:45.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1700 (GCVE-0-2025-1700)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:16 – Updated: 2025-07-21 20:23
VLAI?
Summary
A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Motorola | Software Fix |
Affected:
0 , < 7.3.4.13
(custom)
|
Credits
Motorola/Lenovo thanks Shaurya and Sahil Shah for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:09:43.552034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:09:54.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Software Fix",
"vendor": "Motorola",
"versions": [
{
"lessThan": "7.3.4.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:motorola:software_fix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.4.13",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Motorola/Lenovo thanks Shaurya and Sahil Shah for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software. \u003c/span\u003e"
}
],
"value": "A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T20:23:41.863Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/186730/~/motorola-software-fix-installer-vulnerability"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-194483"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Software Fix to version 7.3.4.13 or later.\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/downloads/ds101291-rescue-and-smart-assistant-lmsa\"\u003ehttps://support.lenovo.com/us/en/downloads/ds101291-rescue-and-smart-assistant-lmsa\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Software Fix to version 7.3.4.13 or later.\n\n https://support.lenovo.com/us/en/downloads/ds101291-rescue-and-smart-assistant-lmsa"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-1700",
"datePublished": "2025-07-17T19:16:40.562Z",
"dateReserved": "2025-02-25T18:33:55.242Z",
"dateUpdated": "2025-07-21T20:23:41.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0886 (GCVE-0-2025-0886)
Vulnerability from cvelistv5 – Published: 2025-07-17 19:16 – Updated: 2025-07-17 20:09
VLAI?
Summary
An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Credits
Lenovo thanks Alexander Staalgaard, JN Data Red Team, for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T20:08:57.428883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T20:09:10.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.548",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Driver for ThinkPad P1 Gen 7 (Type 21KV, 21KW)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for P14s Gen 4 (Type 21HF, 21HG)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.858",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 4 (Type 21K5, 21K6)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.1893",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Driver for ThinkPad P14s Gen 5 (Type 21G2, 21G3)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 5 (Type 21ME, 21MF)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.6136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence detection Device Driver for ThinkPad P16 Gen 2 (Type 21FA, 21FB)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.774",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for P16s Gen 2 (Type 21HK, 21HL)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.858",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16s Gen 2 (Type 21K9, 21KA)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.106.2391",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "lliptic Human Presence Detection Driver for P16s Gen 3 (Type 21KS, 21KT)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 1 (Type 21FC, 21FD)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.900",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Driver for ThinkPad P16v Gen 1 (Type 21FE, 21FF)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.2235",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 2 (Type 21KX, 21KY)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21AH, 21AJ)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.2.61209.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21CF, 21CG))",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.2.61209.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for T14 Gen 4 (Type 21HD, 21HE)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.858",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for T14 Gen 4 (Type 21K3, 21K4)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.1893",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "lliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21MC, 21MD)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.6136",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21ML, 21MM)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for T14s Gen 4 (Type 21F6, 21F7)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.858",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for ThinkPad T14s Gen 4 (Type 21F8, 21F9)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.1893",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for T14s Gen 5 (Type 21LS, 21LT)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection driver for ThinkPad T14s Gen 6 (Type 21M1, 21M2)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.109.82",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for T16 Gen 2 (Type 21HH, 21HJ)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.858",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for T16 Gen 2 (Type 21K7 21K8)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.106.2391",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for T16 Gen 3 (Type 21MN, 21MQ)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for X1 2-in-1 Gen 9 (Type 21KE, 21KF)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor Service for ThinkPad X1 Carbon 12th Gen (Type 21KC, 21KD)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for X13 2-in-1 Gen 5 (Type 21LW, 21LX)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor for ThinkPad X13 Gen 4 (Type 21EX, 21EY)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.761",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Driver for ThinkPad X13 Gen 4 (Type 21J3, 21J4)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.2234",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Human Presence Detection Device Driver for X13 Gen 5 (Type 21LU, 21LV)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.801",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Elliptic Virtual Lock Sensor for X13 Yoga Gen 4 (Type 21F2, 21F3)",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1000.100.108.761",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p16s_gen_2_type_21hk_21hl_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_for_x13_yoga_gen_4_type_21f2_21f3_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_t14_gen_3_type_21ah_21aj_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.61209.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_t14_gen_3_type_21cf_21cg_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.61209.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16_gen_2_type_21fa_21fb_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p14s_gen_4_type_21k5_21k6_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14_gen_5_type_21mc_21md_laptops_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.6136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14s_gen_4_type_21f8_21f9_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_x13_gen_4_type_21j3_21j4_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.2234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fe_21ff_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.2235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p1_gen_6_type_21fv_21fw_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14s_gen_5_type_21ls_21lt_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elliptic_human_presence_detection_device_driver_for_lenovo:p14s_gen_5_type_21g2_21g3_laptops_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_2_type_21kx_21ky_laptops_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p1_gen_7_type_21kv_21kw_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_x1_2_in_1_gen_9_type_21ke_21kf_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t16_gen_2_type_21k7_21k8_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.106.2391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fc_21fd_laptop_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.108.900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_driver_for_t14s_gen_6_type_21m1_21m2_laptops_thinkpad:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1000.100.109.82",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Alexander Staalgaard, JN Data Red Team, for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. \u003c/span\u003e"
}
],
"value": "An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T19:16:16.273Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-182738"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to the version (or newer) indicated for your model in the Product Impact section:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-182738\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-182738\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update to the version (or newer) indicated for your model in the Product Impact section:\u00c2\u00a0 https://support.lenovo.com/us/en/product_security/LEN-182738"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-0886",
"datePublished": "2025-07-17T19:16:16.273Z",
"dateReserved": "2025-01-30T16:35:23.042Z",
"dateUpdated": "2025-07-17T20:09:10.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1699 (GCVE-0-2025-1699)
Vulnerability from cvelistv5 – Published: 2025-06-11 16:14 – Updated: 2025-06-11 17:32
VLAI?
Summary
An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T17:32:22.596452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T17:32:38.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "g34",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2025-06-01",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "g34t",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2025-06-01",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "g45 5G",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2025-06-01",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:g34:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025-06-01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:motorola:g34t:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025-06-01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:motorola:g45_5g:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025-06-01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T16:14:49.135Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/186729"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate your Motorola phone to the latest software version. Software versions with a Security Patch Level of 202\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e5\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e06\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-01 or later include a fix for this \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update your Motorola phone to the latest software version. Software versions with a Security Patch Level of 2025-06-01 or later include a fix for this vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-1699",
"datePublished": "2025-06-11T16:14:49.135Z",
"dateReserved": "2025-02-25T18:33:54.666Z",
"dateUpdated": "2025-06-11T17:32:38.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1698 (GCVE-0-2025-1698)
Vulnerability from cvelistv5 – Published: 2025-06-11 16:14 – Updated: 2025-06-11 17:50
VLAI?
Summary
Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Motorola | Razr 40 Ultra |
Affected:
0 , < 2025-06-01
(SPL)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T17:50:06.249282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T17:50:12.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Razr 40 Ultra",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2025-06-01",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Razr 40",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2025-06-01",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Razr 2023",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2025-06-01",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge 40 Pro",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2025-06-01",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Edge+ 2023",
"vendor": "Motorola",
"versions": [
{
"lessThan": "2025-06-01",
"status": "affected",
"version": "0",
"versionType": "SPL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:razr_40_ultra:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025-06-01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:motorola:razr_40:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025-06-01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:motorola:razr_2023:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025-06-01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:motorola:edge_40_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025-06-01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:motorola:edge_plus_2023:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025-06-01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service."
}
],
"value": "Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T16:14:37.530Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://en-us.support.motorola.com/app/answers/detail/a_id/186728"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate your Motorola phone to the latest software version. Software versions with a Security Patch Level of 2025-06-01 or later include a fix for this vulnerability.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update your Motorola phone to the latest software version. Software versions with a Security Patch Level of 2025-06-01 or later include a fix for this vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-1698",
"datePublished": "2025-06-11T16:14:37.530Z",
"dateReserved": "2025-02-25T18:33:54.152Z",
"dateUpdated": "2025-06-11T17:50:12.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}