CVE-2025-2502

HIGH

Lenovo Pcmanager < 5.1.110.5082 - Incorrect Default Permissions

Title source: rule

Description

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Exploits (1)

nomisec WORKING POC 5 stars
by IHK-ONE · poc
https://github.com/IHK-ONE/CVE-2025-2502

References (1)

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 18.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-276
Status published
Products (1)
lenovo/pcmanager < 5.1.110.5082
Published May 30, 2025
Tracked Since Feb 18, 2026