← back
CVE-2025-12048

CVE-2025-12048

CVSS 7.7 HIGHEPSS 0.2%CWE-434
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Nov 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Lenovo · Scanner Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://iknow.lenovo.com.cn/detail/434326