Primary

Context

Lenovo One Client DLL Hijacking Vulnerability Allowing Privilege Escalation

Vulnerability

A potential DLL hijacking vulnerability has been identified in Lenovo One Client. This vulnerability could allow a local authenticated user to execute code with elevated privileges. The issue was discovered during an internal security assessment.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges.

Remediation

Lenovo has terminated the One Client service and advises customers to stop using it. For more details, refer to the Lenovo Product Security page. Customers can download the latest version of Lenovo Smart Connect from the Microsoft Store.

Added: Dec 10, 2025, 3:19 PM

Updated: Dec 10, 2025, 3:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Lenovo One Client DLL Hijacking Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating