CVE-2025-2501Untrusted Search Path in Lenovo PC Manager

CWE-426Untrusted Search PathCWE-287Improper AuthenticationCWE-22Path TraversalCWE-359Exposure of Private Personal Information to an Unauthorized Actor5 documents4 sources
Severity
8.5HIGHNVD
EPSS
0.1%
top 79.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lenovo PC ManagerLenovo Pcmanager
Timeline
PublishedMay 30
Latest updateAug 12

Description

An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDlenovo/pcmanager< 5.1.110.5082
CVEListV5lenovo/pc_manager< 5.1.110.5082

🔴Vulnerability Details

2
GHSA
GHSA-7m65-wj64-957x: An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges2025-05-30
CVEList
CVE-2025-2501: An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges2025-05-30

📋Vendor Advisories

2
Microsoft
Azure Stack Hub Information Disclosure Vulnerability2025-08-12
Microsoft
Azure Stack Hub Information Disclosure Vulnerability2025-08-12
CVE-2025-2501 — Untrusted Search Path in Lenovo | cvebase