CVE-2025-10495

Summary

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
LenovoApp Store0 < 9.0.2530.1027affected
LenovoPC Manager0 < 5.1.140.9262affected
LenovoBrowser0 < 9.0.6.9111affected
LenovoLegion Zone0 < 2.0.21affected

Weaknesses

  • CWE-295: CWE-295: Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References