Untrusted Search Path Vulnerability in Lenovo PC Manager
CVE-2025-2501

8.5HIGH

Key Information:

Vendor: Lenovo
Status: Pc Manager
Vendor: CVE Published:; 30 May 2025

What is CVE-2025-2501?

Lenovo PC Manager is affected by an untrusted search path vulnerability that allows local attackers to potentially elevate their privileges. By exploiting this flaw, unauthorized users could manipulate the way the application locates its executable files, leading to the execution of malicious code in a higher privilege context. It is crucial for users to stay informed about updates and patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

PC Manager 0 < 5.1.110.5082

References

https://iknow.lenovo.com.cn/detail/428586

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025
Vulnerability Reserved
Mar 18, 2025