CVE-2025-8485

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.0HIGH

EPSS

0.0%

top 99.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo APP Store

Timeline

PublishedNov 12

Description

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5lenovo/app_store< 9.0.2530.1027

▶NVDlenovo/app_store< 9.0.2530.1027

🔴Vulnerability Details

CVEList

CVE-2025-8485: An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privi↗2025-11-12

▶

GHSA

GHSA-9j2g-7v4v-vp2g: An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privi↗2025-11-12

▶