PC Manager
by Lenovo
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10495 | Hig | 0.49 | 7.5 | 0.00 | Nov 12, 2025 | A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. | ||
| CVE-2026-2640 | 0.00 | — | 0.00 | Mar 11, 2026 | During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes. | |||
| CVE-2025-63946 | 0.00 | — | 0.00 | Feb 23, 2026 | A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. | |||
| CVE-2025-10581 | 0.00 | — | 0.00 | Oct 15, 2025 | A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | |||
| CVE-2025-49728 | 0.00 | — | 0.00 | Sep 16, 2025 | Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2025-53795 | 0.00 | — | 0.00 | Aug 21, 2025 | Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-8098 | 0.00 | — | 0.00 | Aug 18, 2025 | An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | |||
| CVE-2025-49738 | 0.00 | — | 0.01 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-47993 | 0.00 | — | 0.01 | Jul 8, 2025 | Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-2503 | 0.00 | — | 0.00 | May 30, 2025 | An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | |||
| CVE-2025-2502 | 0.00 | — | 0.00 | May 30, 2025 | An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | |||
| CVE-2025-2501 | 0.00 | — | 0.00 | May 30, 2025 | An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | |||
| CVE-2025-29975 | 0.00 | — | 0.01 | May 13, 2025 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
- risk 0.49cvss 7.5epss 0.00
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.
- CVE-2026-2640Mar 11, 2026risk 0.00cvss —epss 0.00
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
- CVE-2025-63946Feb 23, 2026risk 0.00cvss —epss 0.00
A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
- CVE-2025-10581Oct 15, 2025risk 0.00cvss —epss 0.00
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
- CVE-2025-49728Sep 16, 2025risk 0.00cvss —epss 0.00
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
- CVE-2025-53795Aug 21, 2025risk 0.00cvss —epss 0.00
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-8098Aug 18, 2025risk 0.00cvss —epss 0.00
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
- CVE-2025-49738Jul 8, 2025risk 0.00cvss —epss 0.01
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-47993Jul 8, 2025risk 0.00cvss —epss 0.01
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-2503May 30, 2025risk 0.00cvss —epss 0.00
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
- CVE-2025-2502May 30, 2025risk 0.00cvss —epss 0.00
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
- CVE-2025-2501May 30, 2025risk 0.00cvss —epss 0.00
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
- CVE-2025-29975May 13, 2025risk 0.00cvss —epss 0.01
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.