Primary

Context

Lenovo Scanner Pro Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in the Lenovo Scanner Pro client. This vulnerability was discovered during an internal security assessment and could lead to remote code execution or unauthorized control of the affected system.

Impact

Exploitation of this vulnerability could result in remote code execution on the affected system.

Remediation

Lenovo has discontinued support for this product and recommends that customers stop using it.

Added: Nov 12, 2025, 8:29 PM

Updated: Nov 12, 2025, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Lenovo Scanner Pro Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating