CVE-2025-0886 - Vulnerability Details - OpenCVE

An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-182738

History

Thu, 17 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 17 Jul 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description		An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.
Weaknesses		CWE-276
References		https://support.lenovo.com/us/en/product_security/LEN-182738
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2025-07-17T19:16:16.273Z

Updated: 2025-07-17T20:09:10.929Z

Reserved: 2025-01-30T16:35:23.042Z

Link: CVE-2025-0886

Vulnrichment

Updated: 2025-07-17T20:09:07.367Z

NVD

Status : Awaiting Analysis

Published: 2025-07-17T20:15:28.130

Modified: 2025-07-17T21:15:50.197

Link: CVE-2025-0886

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0886", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2025-01-30T16:35:23.042Z", "datePublished": "2025-07-17T19:16:16.273Z", "dateUpdated": "2025-07-17T20:09:10.929Z"}, "containers": {"cna": {"cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p16s_gen_2_type_21hk_21hl_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.858"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_for_x13_yoga_gen_4_type_21f2_21f3_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.761"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_t14_gen_3_type_21ah_21aj_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.2.61209.5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_t14_gen_3_type_21cf_21cg_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.2.61209.5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16_gen_2_type_21fa_21fb_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.774"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p14s_gen_4_type_21k5_21k6_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.1893"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14_gen_5_type_21mc_21md_laptops_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.6136"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14s_gen_4_type_21f8_21f9_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.1893"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_x13_gen_4_type_21j3_21j4_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.2234"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fe_21ff_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.2235"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p1_gen_6_type_21fv_21fw_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.548"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14s_gen_5_type_21ls_21lt_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.801"}, {"vulnerable": true, "criteria": "cpe:2.3:a:elliptic_human_presence_detection_device_driver_for_lenovo:p14s_gen_5_type_21g2_21g3_laptops_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.801"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_2_type_21kx_21ky_laptops_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.801"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p1_gen_7_type_21kv_21kw_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.801"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_x1_2_in_1_gen_9_type_21ke_21kf_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.801"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t16_gen_2_type_21k7_21k8_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.106.2391"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fc_21fd_laptop_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.108.900"}, {"vulnerable": true, "criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_driver_for_t14s_gen_6_type_21m1_21m2_laptops_thinkpad:*:*:*:*:*:*:*:*", "versionEndExcluding": "1000.100.109.82"}]}]}], "affected": [{"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.548", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Driver for ThinkPad P1 Gen 7 (Type 21KV, 21KW)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for P14s Gen 4 (Type 21HF, 21HG)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.858", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 4 (Type 21K5, 21K6)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.1893", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Driver for ThinkPad P14s Gen 5 (Type 21G2, 21G3)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 5 (Type 21ME, 21MF)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.6136", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence detection Device Driver for ThinkPad P16 Gen 2 (Type 21FA, 21FB)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.774", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for P16s Gen 2 (Type 21HK, 21HL)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.858", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16s Gen 2 (Type 21K9, 21KA)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.106.2391", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "lliptic Human Presence Detection Driver for P16s Gen 3 (Type 21KS, 21KT)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 1 (Type 21FC, 21FD)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.900", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Driver for ThinkPad P16v Gen 1 (Type 21FE, 21FF)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.2235", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 2 (Type 21KX, 21KY)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21AH, 21AJ)", "vendor": "Lenovo", "versions": [{"lessThan": "3.2.61209.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21CF, 21CG))", "vendor": "Lenovo", "versions": [{"lessThan": "3.2.61209.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for T14 Gen 4 (Type 21HD, 21HE)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.858", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for T14 Gen 4 (Type 21K3, 21K4)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.1893", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "lliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21MC, 21MD)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.6136", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21ML, 21MM)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for T14s Gen 4 (Type 21F6, 21F7)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.858", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad T14s Gen 4 (Type 21F8, 21F9)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.1893", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for T14s Gen 5 (Type 21LS, 21LT)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection driver for ThinkPad T14s Gen 6 (Type 21M1, 21M2)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.109.82", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for T16 Gen 2 (Type 21HH, 21HJ)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.858", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for T16 Gen 2 (Type 21K7 21K8)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.106.2391", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for T16 Gen 3 (Type 21MN, 21MQ)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for X1 2-in-1 Gen 9 (Type 21KE, 21KF)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor Service for ThinkPad X1 Carbon 12th Gen (Type 21KC, 21KD)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for X13 2-in-1 Gen 5 (Type 21LW, 21LX)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor for ThinkPad X13 Gen 4 (Type 21EX, 21EY)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.761", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Driver for ThinkPad X13 Gen 4 (Type 21J3, 21J4)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.2234", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Human Presence Detection Device Driver for X13 Gen 5 (Type 21LU, 21LV)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.801", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Elliptic Virtual Lock Sensor for X13 Yoga Gen 4 (Type 21F2, 21F3)", "vendor": "Lenovo", "versions": [{"lessThan": "1000.100.108.761", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Alexander Staalgaard, JN Data Red Team, for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. </span>"}], "value": "An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276: Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2025-07-17T19:16:16.273Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-182738"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to the version (or newer) indicated for your model in the Product Impact section: <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-182738\">https://support.lenovo.com/us/en/product_security/LEN-182738</a></span><br>"}], "value": "Update to the version (or newer) indicated for your model in the Product Impact section:\u00c2\u00a0 https://support.lenovo.com/us/en/product_security/LEN-182738"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-17T20:08:57.428883Z", "id": "CVE-2025-0886", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-17T20:09:10.929Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0886", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-17T20:08:57.428883Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-17T20:09:07.367Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Alexander Staalgaard, JN Data Red Team, for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.548", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Driver for ThinkPad P1 Gen 7 (Type 21KV, 21KW)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for P14s Gen 4 (Type 21HF, 21HG)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.858", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 4 (Type 21K5, 21K6)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.1893", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Driver for ThinkPad P14s Gen 5 (Type 21G2, 21G3)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 5 (Type 21ME, 21MF)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.6136", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence detection Device Driver for ThinkPad P16 Gen 2 (Type 21FA, 21FB)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.774", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for P16s Gen 2 (Type 21HK, 21HL)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.858", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16s Gen 2 (Type 21K9, 21KA)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.106.2391", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "lliptic Human Presence Detection Driver for P16s Gen 3 (Type 21KS, 21KT)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 1 (Type 21FC, 21FD)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.900", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Driver for ThinkPad P16v Gen 1 (Type 21FE, 21FF)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.2235", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 2 (Type 21KX, 21KY)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21AH, 21AJ)", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.61209.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21CF, 21CG))", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.61209.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for T14 Gen 4 (Type 21HD, 21HE)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.858", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for T14 Gen 4 (Type 21K3, 21K4)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.1893", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "lliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21MC, 21MD)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.6136", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21ML, 21MM)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for T14s Gen 4 (Type 21F6, 21F7)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.858", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for ThinkPad T14s Gen 4 (Type 21F8, 21F9)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.1893", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for T14s Gen 5 (Type 21LS, 21LT)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection driver for ThinkPad T14s Gen 6 (Type 21M1, 21M2)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.109.82", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for T16 Gen 2 (Type 21HH, 21HJ)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.858", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for T16 Gen 2 (Type 21K7 21K8)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.106.2391", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for T16 Gen 3 (Type 21MN, 21MQ)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for X1 2-in-1 Gen 9 (Type 21KE, 21KF)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor Service for ThinkPad X1 Carbon 12th Gen (Type 21KC, 21KD)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for X13 2-in-1 Gen 5 (Type 21LW, 21LX)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor for ThinkPad X13 Gen 4 (Type 21EX, 21EY)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.761", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Driver for ThinkPad X13 Gen 4 (Type 21J3, 21J4)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.2234", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Human Presence Detection Device Driver for X13 Gen 5 (Type 21LU, 21LV)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.801", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Elliptic Virtual Lock Sensor for X13 Yoga Gen 4 (Type 21F2, 21F3)", "versions": [{"status": "affected", "version": "0", "lessThan": "1000.100.108.761", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to the version (or newer) indicated for your model in the Product Impact section:\u00c2\u00a0 https://support.lenovo.com/us/en/product_security/LEN-182738", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to the version (or newer) indicated for your model in the Product Impact section: <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-182738\">https://support.lenovo.com/us/en/product_security/LEN-182738</a></span><br>", "base64": false}]}], "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-182738"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. </span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276: Incorrect Default Permissions"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p16s_gen_2_type_21hk_21hl_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.858"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_for_x13_yoga_gen_4_type_21f2_21f3_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.761"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_t14_gen_3_type_21ah_21aj_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.2.61209.5"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_t14_gen_3_type_21cf_21cg_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "3.2.61209.5"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16_gen_2_type_21fa_21fb_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.774"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p14s_gen_4_type_21k5_21k6_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.1893"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14_gen_5_type_21mc_21md_laptops_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.6136"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14s_gen_4_type_21f8_21f9_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.1893"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_x13_gen_4_type_21j3_21j4_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.2234"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fe_21ff_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.2235"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_p1_gen_6_type_21fv_21fw_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.548"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t14s_gen_5_type_21ls_21lt_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.801"}, {"criteria": "cpe:2.3:a:elliptic_human_presence_detection_device_driver_for_lenovo:p14s_gen_5_type_21g2_21g3_laptops_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.801"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_2_type_21kx_21ky_laptops_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.801"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p1_gen_7_type_21kv_21kw_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.801"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_virtual_lock_sensor_service_for_x1_2_in_1_gen_9_type_21ke_21kf_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.801"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_t16_gen_2_type_21k7_21k8_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.106.2391"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fc_21fd_laptop_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.108.900"}, {"criteria": "cpe:2.3:a:lenovo:elliptic_human_presence_detection_driver_for_t14s_gen_6_type_21m1_21m2_laptops_thinkpad:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1000.100.109.82"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2025-07-17T19:16:16.273Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0886", "state": "PUBLISHED", "dateUpdated": "2025-07-17T20:09:10.929Z", "dateReserved": "2025-01-30T16:35:23.042Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2025-07-17T19:16:16.273Z", "assignerShortName": "lenovo"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges."}], "id": "CVE-2025-0886", "lastModified": "2025-07-17T21:15:50.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2025-07-17T20:15:28.130", "references": [{"source": "psirt@lenovo.com", "url": "https://support.lenovo.com/us/en/product_security/LEN-182738"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}