CVE-2025-12046

CWE-4273 documents3 sources
Severity
8.5HIGH
EPSS
0.0%
top 92.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lenovo APP StoreLenovo Browser
Timeline
PublishedDec 10

Description

A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5lenovo/browser< 9.0.6.11071
CVEListV5lenovo/app_store< 9.0.2530.1027

🔴Vulnerability Details

2
GHSA
GHSA-82hr-h35p-vq5v: A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to exec2025-12-10
CVEList
CVE-2025-12046: A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to exec2025-12-10
CVE-2025-12046 (HIGH CVSS 8.5) | A DLL hijacking vulnerability was r | cvebase.io