Improper Permission Handling in Lenovo PC Manager
CVE-2025-2503

6.9MEDIUM

Key Information:

Vendor

Lenovo

Vendor
CVE Published:
30 May 2025

What is CVE-2025-2503?

An improper permission handling vulnerability exists in Lenovo PC Manager, which can enable a local attacker to delete arbitrary files with elevated privileges. This issue poses a significant risk to system integrity, as malicious users could exploit this flaw to manipulate or remove critical files, potentially leading to data loss and affecting overall system functionality.

Affected Version(s)

PC Manager 0 < 5.1.110.5082

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-2503 : Improper Permission Handling in Lenovo PC Manager