CVE Alert: CVE-2025-10581 - Lenovo - PC Manager

CVE-2025-10581

HIGHNo exploitation known

A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.

CVSS v3.1 (7.8)

AV LOCAL · AC LOW · PR LOW · UI NONE · S UNCHANGED

Vendor

Lenovo

Product

PC Manager

Versions

0 lt 5.1.140.9262

CWE

CWE-427, CWE-427: Uncontrolled Search Path Element

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published

2025-10-15T14:25:49.015Z

Updated

2025-10-16T03:56:51.138Z

References

https://iknow.lenovo.com.cn/detail/432378

AI Summary Analysis

Risk verdict

High risk of local privilege escalation; exploitation is not evidenced in the wild, but patch promptly to mitigate.

Why this matters

Lenovo PC Manager is commonly bundled on Lenovo devices; an LPE could allow a local authenticated user to execute code with elevated privileges, potentially compromising data, security controls, and persistence. In enterprise settings, such a foothold can enable lateral movement or undermining of endpoint integrity.

Most likely attack path

Exploitation requires local access with low privileges and no user interaction. An attacker could exploit DLL hijacking by placing or loading a malicious DLL in a path PC Manager loads from, enabling code execution with high integrity. The vulnerability’s CVSS metrics indicate local access, low attack complexity, and high impact on confidentiality, integrity, and availability.

Who is most exposed

Devices running Lenovo PC Manager, especially in corporate fleets or preconfigured Lenovo laptops, are at greatest risk given installation prevalence and potential privilege in loading components.

Detection ideas

Alert on unexpected DLLs in PC Manager install directories or known load paths.
Monitor process creation or DLL load events associated with PC Manager that occur with elevated privileges.
Look for DLL search path hijack indicators (suspicious DLL names, duplication of legitimate filenames).
Check for unusual startup/plugin loading order changes related to PC Manager.
Validate digital signatures of PC Manager components and loaded DLLs.

Mitigation and prioritisation

Patch to version 5.1.140.9262 or later, apply urgently.
Enforce least-privilege for PC Manager, enable AppLocker/WDAC, and restrict DLL loading from user-writable directories; enforce code signing.
Strengthen baseline controls (HVCI/EDR, tamper protection) and perform regular integrity checks.
Change-management: test in lab, plan rollout with rollback, monitor after deployment for anomalies.
If KEV true or EPSS ≥ 0.5 data becomes available, treat as Priority 1.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: CVE, cve-2025-10581, lenovo, OSINT, pc-manager, threatintel