Lenovo App Store vulnerabilities

CVE-2025-12046 [HIGH] CWE-427 CVE-2025-12046: A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications t A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.

CVE-2025-8485 [HIGH] CWE-276 CVE-2025-8485: An improper permissions vulnerability was reported in Lenovo App Store that could allow a local auth An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.

CVE-2025-10495 [HIGH] CWE-295 CVE-2025-10495: A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, a A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.

CVE-2025-4657 [HIGH] CWE-122 CVE-2025-4657: A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1 A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2024-10254 [MEDIUM] CWE-122 CVE-2024-10254: A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CVE-2024-10253 [MEDIUM] CWE-122 CVE-2024-10253: A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store th A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CVE-2024-4130 [HIGH] CWE-427 CVE-2024-4130: A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to exe A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.

CVE-2023-6450 [MEDIUM] CWE-400 CVE-2023-6450: An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.

CVE-2022-3611 [HIGH] CWE-200 CVE-2022-3611: An information disclosure vulnerability has been identified in the Lenovo App Store which may allow An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.