CVE-2025-13154
6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | Vantage | 0 < 1.1.0.1111 | affected |
Weaknesses
- CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.