CVE-2025-12048 HIGH

CVE-2025-12048

Vendor Lenovo
Product Scanner Pro
Weakness CWE-434 · Unrestricted file upload
Published November 12, 2025
Last update November 12, 2025

CVSS base score

7.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.

Key dates

02Disclosure timeline

November 12, 2025 CVE published
November 12, 2025 Record updated