Vulnerabilities in Lenovo

369 results
CVE-2025-10238 | HIGH | During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products c | EPSS 0.1%
CVE-2025-13453 | MEDIUM | A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the | EPSS 0.1%
CVE-2022-3701 | HIGH | A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a | EPSS 0.1%
CVE-2022-3702 | MEDIUM | A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local a | EPSS 0.1%
CVE-2025-13154 | MEDIUM | An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated loca | EPSS 0.1%
CVE-2025-12046 | HIGH | A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated us | EPSS 0.1%
CVE-2026-4135 | MEDIUM | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allo | EPSS 0.1%
CVE-2025-13455 | HIGH | A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device auth | EPSS 0.1%
CVE-2025-13152 | HIGH | A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local au | EPSS 0.1%
CVE-2026-4134 | HIGH | During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allo | EPSS 0.1%
CVE-2026-2640 | MEDIUM | During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated | EPSS 0.1%
CVE-2026-0421 | HIGH | A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in | EPSS 0.1%
CVE-2025-2503 | MEDIUM | An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file | EPSS 0.1%
CVE-2025-8098 | HIGH | An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | EPSS 0.1%
CVE-2026-6090 | HIGH | A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute ar | EPSS 0.1%
CVE-2025-9548 | MEDIUM | A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated | EPSS 0.1%
CVE-2022-3700 | MEDIUM | A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that | EPSS 0.1%
CVE-2025-13155 | HIGH | An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with | EPSS 0.1%
CVE-2025-8485 | HIGH | An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elev | EPSS 0.1%
CVE-2026-9045 | HIGH | During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise fo | EPSS 0.1%