CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6232
https://notcve.org/view.php?id=CVE-2025-6232
17 Jul 2025 — An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations. • https://support.lenovo.com/us/en/product_security/LEN-196648 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6231
https://notcve.org/view.php?id=CVE-2025-6231
17 Jul 2025 — An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file. • https://support.lenovo.com/us/en/product_security/LEN-196648 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-6230
https://notcve.org/view.php?id=CVE-2025-6230
17 Jul 2025 — A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute code with elevated permissions. • https://support.lenovo.com/us/en/product_security/LEN-196648 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •