CVE-2025-6232

CWE-88CWE-13334 documents4 sources
Severity
8.5HIGH
EPSS
0.0%
top 90.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lenovo Commercial VantageLenovo Vantage
Timeline
PublishedJul 17

Description

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

CVEListV5lenovo/vantage< 10.2501.20.0
NVDlenovo/vantage< 10.2501.20.0
CVEListV5lenovo/commercial_vantage< 20.2506.39.0
NVDlenovo/commercial_vantage< 20.2506.39.0

🔴Vulnerability Details

2
CVEList
CVE-2025-6232: An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with el2025-07-17
GHSA
GHSA-7wq6-wxf9-cp78: An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with el2025-07-17

📋Vendor Advisories

1
Microsoft
Regular-expression DoS when parsing TarFile headers2024-09-10
CVE-2025-6232 (HIGH CVSS 8.5) | An improper validation vulnerabilit | cvebase.io