CVE-2025-13154: Link Following in Lenovo Vantage

CWE-59: Link Following (4 documents, 4 sources)

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.0% (top 92.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 14
Latest update: Jan 15

Description

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: lenovo/vantage < 1.1.0.1111

🔴 Vulnerability Details (2)

GHSA (2026-01-15)
GHSA-6cmg-j379-64rm: An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to

CVEList (2026-01-14)
CVE-2025-13154: An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to

🕵️ Threat Intelligence (1)

Wiz
CVE-2025-13154 Impact, Exploitability, and Mitigation Steps | Wiz