Lenovo Scanner Pro: Arbitrary File Upload RCE Vulnerability
CVE-2025-12048 Published on November 12, 2025

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is an Unrestricted File Upload Vulnerability?

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE-2025-12048 has been classified to as an Unrestricted File Upload vulnerability or weakness.

Products Associated with CVE-2025-12048

Want to know whenever a new CVE is published for Lenovo Scanner Pro? stack.watch will email you.

Lenovo Scanner Pro

Affected Versions

Lenovo Scanner Pro:

Before and including 1.0.0.4 is affected.

Exploit Probability

EPSS

0.11%

Percentile

28.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Lenovo Scanner Pro: Arbitrary File Upload RCE VulnerabilityCVE-2025-12048 Published on November 12, 2025

Vulnerability Analysis

Weakness Type

What is an Unrestricted File Upload Vulnerability?

Products Associated with CVE-2025-12048

Affected Versions

Exploit Probability

Lenovo Scanner Pro: Arbitrary File Upload RCE Vulnerability
CVE-2025-12048 Published on November 12, 2025