Lenovo Pc Manager vulnerabilities

CVE-2026-2640 [MEDIUM] CWE-269 CVE-2026-2640: During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manage During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.

CVE-2025-10495 [HIGH] CWE-295 CVE-2025-10495: A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, a A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.

CVE-2025-8486 [HIGH] CWE-250 CVE-2025-8486: A potential vulnerability was reported in PC Manager that could allow a local authenticated user to A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.

CVE-2025-10581 [HIGH] CWE-427 CVE-2025-10581: A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal s A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.

CVE-2025-8098 [HIGH] CWE-276 CVE-2025-8098: An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local atta An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.

CVE-2025-4657 [HIGH] CWE-122 CVE-2025-4657: A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1 A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code.

CVE-2025-2501 [HIGH] CWE-426 CVE-2025-2501: An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local at An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

CVE-2025-2502 [HIGH] CWE-276 CVE-2025-2502: An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a l An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

CVE-2025-2503 [MEDIUM] CWE-732 CVE-2025-2503: An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a l An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.

CVE-2024-10254 [MEDIUM] CWE-122 CVE-2024-10254: A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CVE-2024-10253 [MEDIUM] CWE-122 CVE-2024-10253: A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store th A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

CVE-2019-6197 [HIGH] CWE-287 CVE-2019-6197: A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a l A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.

CVE-2019-6198 [HIGH] CWE-287 CVE-2019-6198: A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a l A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.

CVE-2017-3772 [MEDIUM] CWE-20 CVE-2017-3772: A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot.