CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-196648	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lenovo:commercial_vantage::::::::
	cpe:2.3:a:lenovo:vantage::::::::

History

19 Aug 2025, 16:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 5.3

18 Aug 2025, 20:15

Type	Values Removed	Values Added
Summary	~~A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute code with elevated permissions.~~	A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.

22 Jul 2025, 17:04

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : 7.8
References	~~() https://support.lenovo.com/us/en/product_security/LEN-196648 -~~	() https://support.lenovo.com/us/en/product_security/LEN-196648 - Vendor Advisory
CPE		cpe:2.3:a:lenovo:vantage:::::::: cpe:2.3:a:lenovo:commercial_vantage::::::::
First Time		Lenovo commercial Vantage Lenovo vantage Lenovo

17 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-17 20:15

Updated : 2025-08-19 16:32

NVD link : CVE-2025-6230

Mitre link : CVE-2025-6230

JSON object : View

Products Affected

lenovo

commercial_vantage
vantage

CWE

No CWE.

5.3 /10