CVE-2025-6232

Summary

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.

Affected Software

VendorProductVersion RangeStatus
LenovoVantage0 < 10.2501.20.0affected
LenovoCommercial Vantage0 < 20.2506.39.0affected

Weaknesses

  • CWE-88: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References