A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions.

CVE-2025-9319 is a high-severity vulnerability identified in the Lenovo Wallpaper Client, categorized under CWE-494: Download of Code Without Integrity Check. This vulnerability arises because the Lenovo Wallpaper Client downloads code or executable content without verifying its integrity, such as through cryptographic signatures or checksums. As a result, an attacker could intercept or manipulate the downloaded content, injecting malicious code that the client would then execute. The vulnerability allows for arbitrary code execution under certain conditions, which means an attacker could potentially run any code of their choosing on the affected system. According to the CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N), the attack can be performed remotely over the network without requiring privileges but does require user interaction. The vulnerability impacts confidentiality, integrity, and availability at a high level, as the attacker could execute arbitrary code leading to system compromise, data theft, or disruption. No patches or known exploits in the wild have been reported yet, but the vulnerability is published and should be considered a significant risk due to the ease of exploitation and potential impact. The affected version is listed as "0," which likely indicates an initial or default version of the Wallpaper Client, suggesting that all current versions may be vulnerable unless updated. The lack of integrity checks in code downloads is a critical security flaw, especially for software that automatically updates or downloads content from the internet, as it opens the door for man-in-the-middle attacks or supply chain compromises.

CVE Database V5

Detailed information about CVE-2025-9319: CWE-494: Download of Code Without Integrity Check in Lenovo Wallpaper Client affecting Lenovo Wallpaper Client. Get re

CVE-2025-9319: CWE-494: Download of Code Without Integrity Check in Lenovo Wallpaper Client - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9319: CWE-494: Download of Code Without Integrity Check in Lenovo Wallpaper Client

A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges.

CVE-2025-9201 is a high-severity vulnerability identified in the Lenovo Browser, classified under CWE-427: Uncontrolled Search Path Element. This vulnerability stems from the browser's improper handling of DLL search paths, which can be exploited via DLL hijacking. Specifically, a local attacker with limited privileges can place a malicious DLL in a location that the Lenovo Browser searches before the legitimate DLLs, causing the browser to load and execute the attacker's code. This leads to code execution with elevated privileges, potentially allowing the attacker to compromise system integrity and confidentiality. The vulnerability does not require user interaction and has a low attack complexity, but it does require local access with some privileges (PR:L). The CVSS 4.0 vector indicates high impact on confidentiality, integrity, and availability, with no scope change or user interaction needed. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may currently rely on workarounds or vendor updates in the near future.

Detailed information about CVE-2025-9201: CWE-427: Uncontrolled Search Path Element in Lenovo Browser affecting Lenovo Browser. Get real-time updates, technical

CVE-2025-9201: CWE-427: Uncontrolled Search Path Element in Lenovo Browser - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9201: CWE-427: Uncontrolled Search Path Element in Lenovo Browser

An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability:

An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate communication channel which could allow the attacker, under certain conditions, to directly interact with backend LXCO API services typically inaccessible to users. While access controls may limit the scope of interaction, this could result in unauthorized access to internal functionality or data. This issue is not exploitable from remote networks.

CVE-2025-8557 is a high-severity vulnerability identified in Lenovo XClarity Orchestrator (LXCO), a management tool used for data center infrastructure orchestration. The vulnerability is classified under CWE-420, which refers to an unprotected alternate channel. Specifically, an attacker who has access to a device on the local LXCO network segment can manipulate that device to establish an alternate communication channel. This channel could allow the attacker to interact directly with backend LXCO API services that are normally inaccessible to users. Although access controls may limit the extent of interaction, the vulnerability could still lead to unauthorized access to internal functionalities or sensitive data within the orchestrator environment. Importantly, this vulnerability is not exploitable remotely; the attacker must have local network access to the LXCO segment. The CVSS 4.0 base score is 8.7, reflecting a high severity due to the potential for high impact on confidentiality, integrity, and availability without requiring authentication or user interaction. The vulnerability was discovered during an internal product security audit and has no known exploits in the wild as of the published date. No patches or mitigations have been explicitly linked yet, indicating that organizations using affected versions should prioritize risk assessment and containment strategies.

Detailed information about CVE-2025-8557: CWE-420: Unprotected Alternate Channel in Lenovo XClarity Orchestrator (LXCO) affecting Lenovo XClarity Orchestrator (

CVE-2025-8557: CWE-420: Unprotected Alternate Channel in Lenovo XClarity Orchestrator (LXCO) - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8557: CWE-420: Unprotected Alternate Channel in Lenovo XClarity Orchestrator (LXCO)

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected.
Â 
This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.

CVE-2025-8061 is a high-severity vulnerability identified in the Lenovo Dispatcher 3.0 and 3.1 drivers, which are components used in some Lenovo consumer notebooks. The vulnerability is classified under CWE-782, indicating an exposed IOCTL (Input Output Control) interface with insufficient access control. This flaw allows an authenticated local user—meaning someone with a valid user account on the affected system—to potentially execute arbitrary code with elevated privileges. Essentially, the vulnerability could be exploited to escalate privileges from a standard user to a higher privileged context, such as SYSTEM or kernel mode, thereby compromising the integrity and security of the system. The vulnerability does not affect the Lenovo Dispatcher 3.2 driver, nor systems where the Windows Core Isolation Memory Integrity feature is enabled, which is a security feature designed to protect against kernel-level exploits by isolating critical processes. Notably, Windows 11 systems preloaded on Lenovo devices have this feature enabled by default, mitigating the risk on those platforms. The CVSS 4.0 base score is 7.3, reflecting a high severity level. The vector indicates that the attack requires local access (AV:L), high attack complexity (AC:H), no user interaction (UI:N), and low privileges (PR:L). The vulnerability impacts confidentiality, integrity, and availability highly (VC:H, VI:H, VA:H), but does not affect scope or require authentication tokens beyond local user privileges. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that remediation may still be pending or in progress. This vulnerability is significant because it could allow malicious insiders or malware running with user-level privileges to gain full control over the system, bypassing security controls and potentially enabling persistence, data theft, or further network compromise.

Detailed information about CVE-2025-8061: CWE-782: Exposed IOCTL with Insufficient Access Control in Lenovo Dispatcher 3.0 Driver affecting Lenovo Dispatcher 3.

CVE-2025-8061: CWE-782: Exposed IOCTL with Insufficient Access Control in Lenovo Dispatcher 3.0 Driver - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8061: CWE-782: Exposed IOCTL with Insufficient Access Control in Lenovo Dispatcher 3.0 Driver

A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.

Detailed information about CVE-2025-9214: CWE-306: Missing Authentication for Critical Function in Lenovo LJ2206W Printer affecting Lenovo LJ2206W Printer. Get 

CVE-2025-9214: CWE-306: Missing Authentication for Critical Function in Lenovo LJ2206W Printer

CVE-2025-9214: CWE-306: Missing Authentication for Critical Function in Lenovo LJ2206W Printer

Description

Technical Details

Related Threats

CVE-2025-9319: CWE-494: Download of Code Without Integrity Check in Lenovo Wallpaper Client

CVE-2025-9201: CWE-427: Uncontrolled Search Path Element in Lenovo Browser

CVE-2025-8557: CWE-420: Unprotected Alternate Channel in Lenovo XClarity Orchestrator (LXCO)

CVE-2025-8061: CWE-782: Exposed IOCTL with Insufficient Access Control in Lenovo Dispatcher 3.0 Driver

CVE-2025-59053: CWE-94: Improper Control of Generation of Code ('Code Injection') in moeru-ai airi

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility