CVE-2025-2502

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

8.5HIGH

EPSS

0.1%

top 81.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo PC Manager Lenovo Pcmanager

Timeline

PublishedMay 30

Description

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDlenovo/pcmanager< 5.1.110.5082

▶CVEListV5lenovo/pc_manager< 5.1.110.5082

🔴Vulnerability Details

CVEList

CVE-2025-2502: An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges↗2025-05-30

▶

GHSA

GHSA-x3mr-mm28-qg7m: An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges↗2025-05-30

▶