Lenovo Vantage
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Lenovo Vantage.
By the Year
In 2026 there have been 4 vulnerabilities in Lenovo Vantage with an average score of 6.3 out of ten. Last year, in 2025 Vantage had 3 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.67
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 6.30 |
| 2025 | 3 | 6.97 |
| 2024 | 2 | 7.30 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 6.33 |
It may take a day or so for new Vantage vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Lenovo Vantage Security Vulnerabilities
Lenovo PP System Addin: Local Auth Process Termination via Input Validation
CVE-2026-1717
5.5 - Medium
- March 11, 2026
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.
Argument Injection
Lenovo Vantage DeviceSettingsSystemAddin input val allows lcl reg key delete
CVE-2026-1716
7.1 - High
- March 11, 2026
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.
Argument Injection
Lenovo Vantage Addin Lets Local Auth'd User Escalate Priv & Modify Reg
CVE-2026-1715
7.1 - High
- March 11, 2026
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
Argument Injection
SmartPerformanceAddin LPE via Improper Link Follow in Lenovo Vantage
CVE-2025-13154
5.5 - Medium
- January 14, 2026
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
insecure temporary file
Lenovo Vantage LPE via Improper Reg Validation (CVE-2025-6232)
CVE-2025-6232
7.8 - High
- July 17, 2025
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.
Lenovo Vantage Config File Tampering Allows Local Privilege Escalation
CVE-2025-6231
7.8 - High
- July 17, 2025
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.
Lenovo Vantage Local SQLi Enables Elevated Code Execution
CVE-2025-6230
5.3 - Medium
- July 17, 2025
A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.
Priv Esc in Lenovo Vantage via Service Impersonation
CVE-2023-6044
6.8 - Medium
- January 19, 2024
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
Authentication Bypass by Spoofing
Lenovo Vantage Local Priv Escalation via Integrity Check Bypass
CVE-2023-6043
7.8 - High
- January 19, 2024
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
Improper Certificate Validation
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11
CVE-2020-8345
7.3 - High
- October 14, 2020
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.
DLL preloading
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0
CVE-2020-8316
4.4 - Medium
- April 14, 2020
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.
Information Disclosure
A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0
CVE-2020-8327
7.3 - High
- April 14, 2020
A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.
Unquoted Search Path or Element
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Lenovo Vantage or by Lenovo? Click the Watch button to subscribe.
