CVE-2025-2502

HIGH

Lenovo PCManager < 5.1.110.5082 - Privilege Escalation via Improper Default Permissions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-2502. PoCs published by IHK-ONE.

AI-analyzed exploit summary This PoC demonstrates a local privilege escalation (LPE) vulnerability in Lenovo PC Manager (CVE-2025-2502) by exploiting insecure file permissions on the 'kpicservice.exe' binary, allowing a low-privileged user to replace it with a malicious payload and gain SYSTEM privileges upon service restart.

Description

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Exploits (1)

nomisec WORKING POC 5 stars

by IHK-ONE · poc

https://github.com/IHK-ONE/CVE-2025-2502

View Code ZIP pw:eip

This PoC demonstrates a local privilege escalation (LPE) vulnerability in Lenovo PC Manager (CVE-2025-2502) by exploiting insecure file permissions on the 'kpicservice.exe' binary, allowing a low-privileged user to replace it with a malicious payload and gain SYSTEM privileges upon service restart.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Lenovo PC Manager (versions before 5.1.100.1102)

Auth required

Prerequisites: Lenovo PC Manager installed with the AI Picture plugin · Local user access · Ability to restart the system

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://iknow.lenovo.com.cn/detail/428586

Scores

CVSS v3 7.8

EPSS 0.0017

EPSS Percentile 6.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

lenovo/pcmanager < 5.1.110.5082

Published May 30, 2025

Tracked Since Feb 18, 2026