Code Execution Vulnerability in Lenovo Apps
CVE-2025-10495

7.7 HIGH

Key Information:

Vendor: Lenovo

CVE Published: 12 November 2025

What is CVE-2025-10495?

A security flaw has been identified in several Lenovo applications, including Lenovo PC Manager, App Store, Browser, and Legion Zone. The vulnerability could allow a malicious actor on the same logical network to execute arbitrary code, putting data security and system integrity at risk. Users should apply the security updates provided by Lenovo to mitigate this risk.

Affected Version(s)

App Store: versions before 9.0.2530.1027

Browser: versions before 9.0.6.9111

Legion Zone: versions before 2.0.21

CVSS V4

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue.