Lenovo Vantage vulnerabilities

12 known vulnerabilities affecting lenovo/vantage.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 7

Vulnerabilities

CVE-2026-1716 | MEDIUM | CVSS 6.9 | fixed in 1.0.8.15 | 2026-03-11
CWE-88: An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.
Sources: cvelistv5, nvd

CVE-2026-1717 | MEDIUM | CVSS 6.8 | fixed in 1.0.0.138 | 2026-03-11
CWE-88: An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.
Sources: cvelistv5, nvd

CVE-2026-1715 | MEDIUM | CVSS 6.9 | fixed in 1.0.8.15 | 2026-03-11
CWE-88: An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
Sources: cvelistv5, nvd

CVE-2025-13154 | MEDIUM | CVSS 6.8 | fixed in 1.1.0.1111 | 2026-01-14
CWE-59: An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
Sources: cvelistv5, nvd

CVE-2025-6232 | HIGH | CVSS 8.5 | fixed in 10.2501.20.0 | 2025-07-17
CWE-88: An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.
Sources: cvelistv5, nvd

CVE-2025-6231 | HIGH | CVSS 8.5 | fixed in 10.2501.20.0 | 2025-07-17
CWE-88: An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.
Sources: cvelistv5, nvd

CVE-2025-6230 | MEDIUM | CVSS 4.8 | fixed in 10.2501.20.0 | 2025-07-17
CWE-89: A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.
Sources: cvelistv5, nvd

CVE-2024-12673 | HIGH | CVSS 8.5 | fixed in 10.2501.15.0 | 2025-02-12
CWE-250: An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices:
* Lenovo V Series (Gen 5)
* ThinkBook 14 (Gen 6, 7)
* ThinkBook 16 (Gen 6, 7)
* ThinkPad
Sources: cvelistv5, nvd

CVE-2023-6043 | HIGH | CVSS 7.8 | fixed in 4.0.49.0 | ≥ , < 4.0.49.0 | 2024-01-19
CWE-295: A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
Sources: cvelistv5, nvd

CVE-2023-6044 | MEDIUM | CVSS 6.8 | fixed in 4.0.49.0 | ≥ , < 4.0.49.0 | 2024-01-19
CWE-290: A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
Sources: cvelistv5, nvd

CVE-2020-8327 | HIGH | CVSS 7.8 | fixed in 10.2003.10.0 | ≥ unspecified, < 10.2003.10.0 | 2020-04-14
CWE-428: A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.
Sources: cvelistv5, nvd

CVE-2020-8316 | MEDIUM | CVSS 4.4 | fixed in 10.2003.10.0 | ≥ unspecified, < 10.2003.10.0 | 2020-04-14
CWE-200: A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.
Sources: cvelistv5, nvd