CVE-2025-12047 | THREATINT

Description

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application.

PUBLISHED Reserved 2025-10-21 | Published 2025-11-12 | Updated 2025-11-12 | Assigner lenovo

MEDIUM: 6.0CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.3CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-295: Improper Certificate Validation

Product status

Default status

unaffected

Any version before 1.2.7

affected

References

iknow.lenovo.com.cn/detail/434327

cve.org (CVE-2025-12047)

nvd.nist.gov (CVE-2025-12047)

Download JSON