CVE-2025-13154

Summary

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

Affected Software

VendorProductVersion RangeStatus
LenovoVantage0 < 1.1.0.1111affected

Weaknesses

  • CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References