Refine your search
4 vulnerabilities found for Browser by Lenovo
CVE-2025-12046 (GCVE-0-2025-12046)
Vulnerability from nvd
Published
2025-12-10 14:08
Modified
2025-12-10 15:47
Severity ?
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T15:47:23.360058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T15:47:33.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Store",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.2530.1027",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Browser",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.6.11071",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2530.1027",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6.11071",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions. \u003c/span\u003e"
}
],
"value": "A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T14:08:25.124Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/435004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo App Store to version 9.0.2530.1027 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo App Store to version 9.0.2530.1027 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Brower to version 9.0.6.11071 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Brower to version 9.0.6.11071 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-12046",
"datePublished": "2025-12-10T14:08:25.124Z",
"dateReserved": "2025-10-21T20:00:54.017Z",
"dateUpdated": "2025-12-10T15:47:33.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10495 (GCVE-0-2025-10495)
Vulnerability from nvd
Published
2025-11-12 19:18
Modified
2025-11-13 04:55
Severity ?
7.7 (High) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | App Store |
Version: 0 < 9.0.2530.1027 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T04:55:37.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Store",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.2530.1027",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.140.9262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Browser",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.6.9111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legion Zone",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.0.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2530.1027",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.140.9262",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6.9111",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:legion_zone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. \u003cbr\u003e"
}
],
"value": "A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:18:44.859Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/434328"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo App Store Client to version 9.0.2530.1027 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo App Store Client to version 9.0.2530.1027 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo PC Manager to version 5.1.140.9262 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo PC Manager to version 5.1.140.9262 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo Browser Client to version 9.0.6.9111 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo Browser Client to version 9.0.6.9111 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Legion Zone Client to version 2.0.21 or later.\u003cbr\u003e"
}
],
"value": "Update Legion Zone Client to version 2.0.21 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-10495",
"datePublished": "2025-11-12T19:18:44.859Z",
"dateReserved": "2025-09-15T19:25:35.895Z",
"dateUpdated": "2025-11-13T04:55:37.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12046 (GCVE-0-2025-12046)
Vulnerability from cvelistv5
Published
2025-12-10 14:08
Modified
2025-12-10 15:47
Severity ?
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T15:47:23.360058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T15:47:33.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Store",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.2530.1027",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Browser",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.6.11071",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2530.1027",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6.11071",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions. \u003c/span\u003e"
}
],
"value": "A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T14:08:25.124Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/435004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo App Store to version 9.0.2530.1027 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo App Store to version 9.0.2530.1027 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Brower to version 9.0.6.11071 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Lenovo Brower to version 9.0.6.11071 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-12046",
"datePublished": "2025-12-10T14:08:25.124Z",
"dateReserved": "2025-10-21T20:00:54.017Z",
"dateUpdated": "2025-12-10T15:47:33.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10495 (GCVE-0-2025-10495)
Vulnerability from cvelistv5
Published
2025-11-12 19:18
Modified
2025-11-13 04:55
Severity ?
7.7 (High) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Lenovo | App Store |
Version: 0 < 9.0.2530.1027 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T04:55:37.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Store",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.2530.1027",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.140.9262",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Browser",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "9.0.6.9111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Legion Zone",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.0.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:app_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.2530.1027",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.140.9262",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.6.9111",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:legion_zone:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.21",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. \u003cbr\u003e"
}
],
"value": "A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T19:18:44.859Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/434328"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo App Store Client to version 9.0.2530.1027 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo App Store Client to version 9.0.2530.1027 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo PC Manager to version 5.1.140.9262 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo PC Manager to version 5.1.140.9262 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo Browser Client to version 9.0.6.9111 or later.\u003cbr\u003e"
}
],
"value": "Update Lenovo Browser Client to version 9.0.6.9111 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Legion Zone Client to version 2.0.21 or later.\u003cbr\u003e"
}
],
"value": "Update Legion Zone Client to version 2.0.21 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.3.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-10495",
"datePublished": "2025-11-12T19:18:44.859Z",
"dateReserved": "2025-09-15T19:25:35.895Z",
"dateUpdated": "2025-11-13T04:55:37.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}