SQL Injection Vulnerability in Lenovo Vantage
CVE-2025-6230

4.8MEDIUM

Key Information:

Vendor: Lenovo
Status: Vantage; Commercial Vantage
Vendor: CVE Published:; 17 July 2025

What is CVE-2025-6230?

A SQL injection vulnerability exists in Lenovo Vantage that enables a local attacker to manipulate the local SQLite database. This compromise may allow the execution of arbitrary code with elevated permissions, potentially impacting the system's integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Commercial Vantage 0 < 20.2506.39.0

Vantage 0 < 10.2501.20.0

References

https://support.lenovo.com/us/en/product_security/LEN-196648

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jul 17, 2025
Vulnerability Reserved
Jun 18, 2025

Credit

Lenovo thanks Bryan Alexander of Atredis Partners for reporting this issue.

JSON

Lenovo