CVE-2025-13154

Medium

Low Medium High Critical

5.5

CVSS Score

Published: Jan 14, 2026

Last Modified: Jan 14, 2026

Vulnerability Description

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

https://support.lenovo.com/us/en/product_security/LEN-208293
psirt@lenovo.com

Severity Details

5.5

out of 10.0

Medium

Key Information

Published Date: January 14, 2026

External Resources

NIST NVD

National Vulnerability Database

CVE Details

Detailed vulnerability info

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages