CVE-2025-10495

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

7.7HIGH

EPSS

0.0%

top 93.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo APP Store Lenovo Browser Lenovo Legion Zone +1 more

Timeline

PublishedNov 12

Description

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5lenovo/legion_zone< 2.0.21

▶CVEListV5lenovo/browser< 9.0.6.9111

▶CVEListV5lenovo/app_store< 9.0.2530.1027

▶CVEListV5lenovo/pc_manager< 5.1.140.9262

🔴Vulnerability Details

CVEList

CVE-2025-10495: A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, un↗2025-11-12

▶

GHSA

GHSA-v6gr-9fpj-mghv: A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, un↗2025-11-12

▶