Vulnerabilities in Lenovo

369 results
Vexday Analysis

With 369 CVEs catalogued, Lenovo's vulnerability portfolio shows an active exploitation rate below the overall average of the KEV catalog, with no confirmed records of ongoing exploitation. The most frequent flaw type is CWE-20 (improper input validation), which suggests recurring attention to data sanitization in firmware components and proprietary software. The most dangerous CVE currently identified is CVE-2022-3699, with an EPSS score of 0.0428 (the highest value observed in the set), indicating a probability of exploitation that is still relatively low but sufficient to justify prioritization in corporate environments that depend on Lenovo hardware. The 13 vulnerabilities that emerged in the last 90 days and the presence of 4 critical flaws reinforce the need for regular firmware and driver update cycles.

CVE-2025-10238 (HIGH, EPSS 0.1%): During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products c

CVE-2025-13453 (MEDIUM, EPSS 0.1%): A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the

CVE-2022-3701 (HIGH, EPSS 0.1%): A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a

CVE-2022-3702 (MEDIUM, EPSS 0.1%): A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local a

CVE-2025-13154 (MEDIUM, EPSS 0.1%): An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated loca

CVE-2025-12046 (HIGH, EPSS 0.1%): A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated us

CVE-2026-4135 (MEDIUM, EPSS 0.1%): During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allo

CVE-2025-13455 (HIGH, EPSS 0.1%): A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device auth

CVE-2025-13152 (HIGH, EPSS 0.1%): A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local au

CVE-2026-4134 (HIGH, EPSS 0.1%): During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allo

CVE-2026-2640 (MEDIUM, EPSS 0.1%): During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated

CVE-2026-0421 (HIGH, EPSS 0.1%): A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in

CVE-2025-2503 (MEDIUM, EPSS 0.1%): An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file

CVE-2025-8098 (HIGH, EPSS 0.1%): An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.

CVE-2026-6090 (HIGH, EPSS 0.1%): A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute ar

CVE-2025-9548 (MEDIUM, EPSS 0.1%): A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated

CVE-2022-3700 (MEDIUM, EPSS 0.1%): A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that

CVE-2025-13155 (HIGH, EPSS 0.1%): An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with

CVE-2025-8485 (HIGH, EPSS 0.1%): An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elev

CVE-2026-9045 (HIGH, EPSS 0.1%): During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise fo