Description

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.

PUBLISHED Reserved 2025-09-15 | Published 2025-11-12 | Updated 2025-11-13 | Assigner lenovo




HIGH: 7.7 (CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

HIGH: 7.5 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-295: Improper Certificate Validation

Product status

Default status: unaffected
Any version before 9.0.2530.1027: affected

Default status: unaffected
Any version before 5.1.140.9262: affected

Default status: unaffected
Any version before 9.0.6.9111: affected

Default status: unaffected
Any version before 2.0.21: affected

Credits

Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue. (finder)

References

iknow.lenovo.com.cn/detail/434328

cve.org (CVE-2025-10495)

nvd.nist.gov (CVE-2025-10495)
