CVE-2025-6230

Summary

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.

Affected Software

VendorProductVersion RangeStatus
LenovoVantage0 < 10.2501.20.0affected
LenovoCommercial Vantage0 < 20.2506.39.0affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References