CVE-2025-13154

Published Jan 14, 2026

Last updated 2 months ago

CVSS medium 6.8

Overview

Description
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
Source
psirt@lenovo.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

psirt@lenovo.com
CWE-59

Social media

Hype score
Not currently trending

  1. Lenovo released all patches for the #Lenovo #Vantage #vulnerabilities, which we've reported earlier this year. Our blog now includes the full write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717. 🔗 https://t.co/wK5jsHtFEh

    @cyllective

    11 Mar 2026

    158 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC. https://t.co/vunXyr408d #Windows #CVE #SecurityResearch #PrivEsc https

    @compasssecurity

    10 Feb 2026

    2795 Impressions

    12 Retweets

    37 Likes

    10 Bookmarks

    1 Reply

    0 Quotes

  3. 🚨 New blog post! Read about CVE-2025-13154, a privilege-escalation vulnerability in a Lenovo Vantage add-in called SmartPerformance. https://t.co/kKq0rEBqTL #windows #cve #infosec #pentest

    @cyllective

    17 Jan 2026

    118 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. 🚨 New blog post! Read about CVE-2025-13154, a privilege escalation vulnarbility in a Lenovo Vantage addin called SmartPerformance. https://t.co/kKq0rEBqTL #windows #cve #infosec #pentest

    @cyllective

    16 Jan 2026

    94 Impressions

    3 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. CVE-2025-13154 Lenovo Vantage SmartPerformanceAddin Local Privilege Escalation via File Deletion https://t.co/kpJcjYheSx

    @VulmonFeeds

    15 Jan 2026

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.