CVE-2025-2503

CWE-732 — Incorrect Permission Assignment CWE-280 CWE-287 — Improper Authentication CWE-735 documents5 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 84.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo PC Manager Lenovo Pcmanager

Timeline

PublishedMay 30

Latest updateOct 22

Description

An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDlenovo/pcmanager< 5.1.110.5082

▶CVEListV5lenovo/pc_manager< 5.1.110.5082

🔴Vulnerability Details

GHSA

aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server↗2025-10-22

▶

CVEList

CVE-2025-2503: An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions↗2025-05-30

▶

GHSA

GHSA-8prh-632c-4gfj: An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions↗2025-05-30

▶

📋Vendor Advisories

Microsoft

Linux Kernel LoadPin bypass via dm-verity table reload↗2022-08-09

▶