CVE-2025-2501

7.8 HIGH

📋 TL;DR

An untrusted search path vulnerability in Lenovo PC Manager allows local attackers to execute arbitrary code with elevated privileges by placing malicious DLLs in directories searched by the application. This affects Windows systems running vulnerable versions of Lenovo PC Manager. Attackers must have local access to the system to exploit this vulnerability.

💻 Affected Systems

Products:
  • Lenovo PC Manager
Versions: prior to 6.0.1.1020
Operating Systems: Windows 10, Windows 11
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where Lenovo PC Manager is installed. The vulnerability exists in the DLL loading mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, enabling installation of persistent malware, data theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, install additional malware, or access restricted system resources.

🟢 If Mitigated

Limited impact with proper access controls, application whitelisting, and regular patching in place.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local system access.
🏢 Internal Only: HIGH - Malicious insiders or compromised user accounts could exploit this to gain administrative privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to place malicious DLLs in specific directories. No public exploit code has been reported as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.1.1020

Vendor Advisory: https://iknow.lenovo.com.cn/detail/428586

Restart Required: Yes

Instructions:

1. Open Lenovo PC Manager.
2. Check for updates in settings.
3. Install version 6.0.1.1020 or later.
4. Restart the system to complete the update.

🔧 Temporary Workarounds

Remove vulnerable software (windows)

Uninstall Lenovo PC Manager if it is not required for system functionality:
Control Panel > Programs > Uninstall a program > Select Lenovo PC Manager > Uninstall

Restrict DLL search paths (windows)

Configure Windows to use safe DLL search mode: set the REG_DWORD value SafeDllSearchMode under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager to 1. This is already the default on supported Windows versions, so confirm it has not been set to 0 rather than expecting a change. Safe search mode only moves the current directory later in the search order; it does not stop a DLL from being loaded from the application's own directory, which is searched first, so it reduces rather than removes the exposure.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Deploy application control policies to prevent unauthorized DLL execution

🔍 How to Verify

Check if Vulnerable:

Check Lenovo PC Manager version in Settings > About. If version is below 6.0.1.1020, the system is vulnerable.

Check Version:

wmic product where name="Lenovo PC Manager" get version

Verify Fix Applied:

Confirm Lenovo PC Manager version is 6.0.1.1020 or higher after update.
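The two checks above (installed version and the SafeDllSearchMode workaround) combined into one script, added here as an example that is not part of the advisory or of Lenovo's tooling. It reads the version from the Uninstall registry keys instead of wmic (which is deprecated on current Windows) and compares it with 6.0.1.1020; the display name pattern 'Lenovo PC Manager*' is an assumption.

```powershell
# Fixed version from the advisory
$FixedVersion = [version]'6.0.1.1020'

function Get-PcManagerVersion {
    # Both native and WOW6432Node uninstall hives, in case of a 32-bit installer
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Lenovo PC Manager*' } |   # assumed display name
        ForEach-Object { $_.DisplayVersion -as [version] } |
        Where-Object { $null -ne $_ }
}

function Test-PcManagerPatched {
    $found = @(Get-PcManagerVersion)
    if ($found.Count -eq 0) { return 'not installed' }
    foreach ($v in $found) {
        # Any installed copy below the fixed build means the host is still exposed
        if ($v -lt $FixedVersion) { return "VULNERABLE ($v is below $FixedVersion)" }
    }
    return "patched ($($found -join ', '))"
}

function Get-SafeDllSearchMode {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $val = (Get-ItemProperty -Path $key -Name SafeDllSearchMode -ErrorAction SilentlyContinue).SafeDllSearchMode
    # An absent value means Windows uses its default, which is safe search mode (1)
    if ($null -eq $val) { return 'not set (default: 1 = enabled)' }
    if ($val -eq 0) { return '0 = DISABLED (set it to 1)' }
    return "$val = enabled"
}

"Lenovo PC Manager: $(Test-PcManagerPatched)"
"SafeDllSearchMode: $(Get-SafeDllSearchMode)"
```

Run from an elevated PowerShell prompt so both registry hives are readable; the output is two one-line statuses suitable for pasting into a ticket or collecting with a configuration-management tool.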

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing DLL loading from unusual paths
  • Process creation events with unexpected parent-child relationships

Network Indicators:

  • Unusual outbound connections from Lenovo PC Manager processes

SIEM Query:

source="Windows Security" AND event_id=4688 AND process_name="*pcmanager*" AND parent_process_name!="explorer.exe"
