CVE-2025-12048 | THREATINT

Description

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.

PUBLISHED Reserved 2025-10-21 | Published 2025-11-12 | Updated 2025-11-12 | Assigner lenovo

HIGH: 7.7CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-434: Unrestricted Upload of File with Dangerous Type

Product status

Default status

unaffected

Any version

affected

References

iknow.lenovo.com.cn/detail/434326

cve.org (CVE-2025-12048)

nvd.nist.gov (CVE-2025-12048)

Download JSON