CVE-2025-13154
MEDIUMSeverity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
AnalysisAI
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges. [CVSS 5.5 MEDIUM]
Technical ContextAI
Classified as CWE-59 (Improper Link Resolution Before File Access). An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
Affected ProductsAI
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today