Improper Permissions Vulnerability in Lenovo App Store
CVE-2025-8485

7HIGH

Key Information:

Vendor: Lenovo
Status: App Store
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-8485?

A vulnerability has been identified in Lenovo App Store, where improper permissions may permit a local authenticated user to execute code with elevated privileges during application installation. This flaw raises significant security concerns as it could enable the execution of unauthorized actions, potentially compromising the integrity of the system.

Affected Version(s)

App Store 0 < 9.0.2530.1027

References

https://iknow.lenovo.com.cn/detail/434329

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Aug 1, 2025

Credit

Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue.

JSON