SQL Injection Vulnerability in Lenovo Vantage
CVE-2025-6230
4.8 MEDIUM
What is CVE-2025-6230?
A SQL injection vulnerability exists in Lenovo Vantage that enables a local attacker to manipulate the local SQLite database. Successful exploitation may allow the execution of arbitrary code with elevated permissions, potentially impacting the system's integrity and security.
Affected Version(s)
Commercial Vantage: versions before 20.2506.39.0
Vantage: versions before 10.2501.20.0
CVSS V4
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lenovo thanks Bryan Alexander of Atredis Partners for reporting this issue.