Security researchers at Atredis have uncovered multiple privilege escalation vulnerabilities in Lenovo Vantage, a pre-installed management platform on Lenovo laptops that handles device updates, configurations, and system health monitoring.
These flaws, tracked under CVEs 2025-6230, 2025-6231, and 2025-6232, allow unprivileged users to bypass authentication mechanisms and execute code with SYSTEM-level privileges, potentially leading to full system compromise.
Lenovo released patches on July 8, 2025, as part of advisory LEN-196648, addressing all identified issues.
https://gbhackers.com/lenovo-vantage-fl ... attackers/