What is CVE-2025-13154?

CVE-2025-13154 is a medium-severity vulnerability in Lenovo Vantage, classified under Improper Link Resolution Before File Access. CVSS score: 5.5/10. Published 2026-01-14.

How severe is CVE-2025-13154?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Vulnerability in Lenovo Vantage

CVE-2025-13154

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

EPSS: 0.000 (10.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Lenovo Vantage — versions 0

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

support.lenovo.com/us/en/product_security/LEN-208293

Frequently asked questions

What is CVE-2025-13154?: CVE-2025-13154 is a medium-severity vulnerability in Lenovo Vantage, classified under Improper Link Resolution Before File Access. CVSS score: 5.5/10. Published 2026-01-14.
How severe is CVE-2025-13154?: Medium severity. CVSS v3 base score is 5.5 out of 10.