CVE-2025-6231Argument Injection in Lenovo Commercial Vantage

CWE-88Argument Injection3 documents3 sources
Severity
8.5HIGHNVD
EPSS
0.0%
top 90.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lenovo Commercial VantageLenovo Vantage
Timeline
PublishedJul 17

Description

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

CVEListV5lenovo/vantage< 10.2501.20.0
NVDlenovo/vantage< 10.2501.20.0
CVEListV5lenovo/commercial_vantage< 20.2506.39.0
NVDlenovo/commercial_vantage< 20.2506.39.0

🔴Vulnerability Details

2
GHSA
GHSA-8x4f-h4c6-38hm: An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with el2025-07-17
CVEList
CVE-2025-6231: An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with el2025-07-17
CVE-2025-6231 — Argument Injection in Lenovo | cvebase