Lenovo Protection Driver Flaw Enables Privilege Escalation and Code Execution

Lenovo Protection Driver Flaw Enables Privilege Escalation and Code Execution A critical security vulnerability has been discovered in Lenovo’s protection driver software, affecting millions of users across desktop and laptop systems. The flaw, identified asCVE-2025-4657, allows local attackers with elevated privileges to execute arbitrary code through a buffer overflow exploit, posing significant security risks to enterprise and consumer environments. Vulnerability Details and Impact The security advisory LEN-195370,publishedon July 8, 2025, reveals that Lenovo Protection Driver versions prior to 5.1.110.4231 contain a dangerous buffer overflow vulnerability. This flaw specifically affects three key Lenovo applications: Lenovo PC Manager, Lenovo Browser, and Lenovo App Store, which collectively represent core software components used by millions of users worldwide. The vulnerability enables privilege escalation attacks, where malicious actors can gain unauthorized administrative acces...