Open Debug Interface Vulnerability in Legion Space Software by Lenovo
CVE-2025-1479

4.8MEDIUM

Key Information:

Vendor: Lenovo
Status: Legion Space For Legion Go; Legion Space For Legion Pc
Vendor: CVE Published:; 30 May 2025

What is CVE-2025-1479?

A vulnerability was identified in Legion Space software utilized in certain Lenovo Legion devices. This flaw arises from the presence of an open debug interface that could be exploited by a local attacker. By leveraging this weakness, an attacker may gain the ability to execute arbitrary code, potentially compromising the integrity and security of the affected systems. Users of Lenovo Legion products should take immediate precautions to mitigate any associated risks.

Affected Version(s)

Legion Space for Legion Go 0 < 1.2.3.8

Legion Space for Legion PC 0 < 1.4.11.4

References

https://support.lenovo.com/us/en/product_security/LEN-186929

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025
Vulnerability Reserved
Feb 19, 2025

Credit

Lenovo thanks Aobo Wang(@M4x_1997) of Chaitin Security Research Lab for reporting this issue.