Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local vector with an existing low-priv account (AV:L/PR:L); the required non-system-partition install maps AT:P to AC:H; planted code runs with full C/I/A impact.
Primary rating from Vendor (lenovo).
CVSS VectorVendor: lenovo
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code.
AnalysisAI
Local code execution in Lenovo Legion Zone and the Lenovo App Store (China-market Windows builds) allows an authenticated local user to run arbitrary code when either application is installed on a non-system partition. The flaw stems from insecure directory/file permissions (CWE-277) that a low-privileged user can abuse to plant or modify executable content later run with higher privilege. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that Legion Zone or the Lenovo App Store was installed on a NON-system partition (not the default system drive) - this is the concrete configuration prerequisite that creates the world-writable, insecurely-inherited directory permissions (CWE-277). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:L/AT:P/PR:L/UI:N, VC:H/VI:H/VA:H) scores 7.3 (High) and paints a consistent picture: exploitation is local, requires an existing low-privilege account (PR:L), and carries an Attack Requirement (AT:P) - the software must be installed on a non-system partition, a non-default deployment. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | On a Lenovo Windows PC where Legion Zone or the Lenovo App Store was installed to a non-system drive (e.g. D:\), a standard local user replaces or drops a malicious executable/DLL in the world-writable application directory. … |
| Remediation | Follow the Lenovo advisory at https://iknow.lenovo.com.cn/detail/441420 and update Legion Zone and the Lenovo App Store to the vendor-corrected version; the supplied data does not include an exact fix version, so treat patch status as 'Patch available per vendor advisory' and confirm the fixed build against that page. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, conduct a complete inventory of all systems running Lenovo Legion Zone or Lenovo App Store (specifically China-market builds) and identify which installations exist on non-system partitions; flag these as high-priority assets. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-277 – Insecure Inherited Permissions
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44975
GHSA-6j6v-724c-h5fm