Tuesday, April 21, 2026

Lenovo Protection Driver Vulnerability Allows Privilege Escalation and Remote Code Execution

A critical buffer overflow vulnerability has been identified in Lenovo’s Protection Driver, exposing users of various Lenovo applications to potential local privilege escalation and remote code execution.

Lenovo has cautioned affected users to update key applications immediately to mitigate exploitation risks.

Lenovo Security Advisory LEN-195370 describes a buffer overflow vulnerability in Lenovo Protection Driver versions prior to 5.1.1110.4231.

This driver is embedded within three widely used Lenovo applications: PC Manager, Browser, and App Store. When triggered by a specially crafted input, the overflow can overwrite memory and allow a local attacker with elevated privileges to execute arbitrary code on the system.

Such an attack could lead to unauthorized installation of software, data theft, or further system compromise through privilege escalation.

The vulnerability is cataloged as CVE-2025-4657 and has been assigned a Medium severity rating, reflecting its significant but not catastrophic impact.

The vulnerability specifically affects desktop and laptop models under the ThinkCentre and ThinkPad lines.

Lenovo attributes discovery of the issue to Gareth Evans of cybersecurity firm Kryc, acknowledging his role in responsibly reporting the defect to Lenovo’s security team.

Lenovo Protection Driver Vulnerability

To address this security gap, Lenovo recommends users update their affected applications to the following minimum versions:

  • Lenovo PC Manager: version 5.1.110.5082 or above
  • Lenovo Browser: version 9.0.6.5061 or above
  • Lenovo App Store: version 9.0.2230.0617 or above

Upon launching any of these applications post-update, the Lenovo Protection Driver will automatically upgrade to version 5.1.1110.4231 or later.

To verify successful deployment of the patched driver, navigate to C:\Windows\System32\drivers\lrpt.sys, right-click the file, select Properties > Details and confirm that the File Version is 5.1.110.4231 or higher.
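The same check scripted so it can be run across many endpoints, as an added example that is not part of the original article or Lenovo's advisory. The function name and Status values are illustrative, and the default threshold is the 5.1.1110.4231 figure the article gives for the patched driver.

```powershell
# Added example. Test-LrptDriverVersion and its Status values are illustrative names.
function Test-LrptDriverVersion {
    [CmdletBinding()]
    param(
        # Driver path as given in the article.
        [string]$Path = 'C:\Windows\System32\drivers\lrpt.sys',
        # Patched Protection Driver version as given in the article.
        [version]$MinimumVersion = '5.1.1110.4231'
    )

    # A 32-bit process on 64-bit Windows has System32 redirected to SysWOW64,
    # which would hide the driver and report a false "NotInstalled".
    # The Sysnative alias reaches the real System32 directory.
    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        $Path = $Path -replace '\\System32\\', '\Sysnative\'
    }

    $result = [ordered]@{
        ComputerName   = $env:COMPUTERNAME
        Path           = $Path
        FileVersion    = $null
        MinimumVersion = $MinimumVersion
        Status         = 'NotInstalled'
    }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $vi = (Get-Item -LiteralPath $Path -Force).VersionInfo

        # Build the version from the numeric fields of the version resource.
        # The FileVersion string is free text, and string comparison is lexical:
        # '5.1.999.0' would sort above '5.1.1110.4231'. [version] compares
        # each component as a number.
        $found = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

        $result.FileVersion = $found
        $result.Status = if ($found -ge $MinimumVersion) { 'Patched' } else { 'Vulnerable' }
    }

    [pscustomobject]$result
}

# Report on the local machine.
Test-LrptDriverVersion
```

A file with no version resource reads as 0.0.0.0 and is reported as Vulnerable, so it gets a manual look rather than passing silently.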

Users who fail to perform these updates remain vulnerable to potential local exploits capable of granting system-level privileges.

Responsible Disclosure

Lenovo’s handling of CVE-2025-4657 follows industry best practices in coordinated vulnerability disclosure.

After receiving the report from Gareth Evans, Lenovo’s security team conducted an internal analysis and developed the necessary patches.

The initial advisory was released on July 8, 2025, with a subsequent revision on July 18, 2025, adding acknowledgments to the researcher and clarifying the update process.

This transparent communication model ensures that enterprise and consumer users alike are informed promptly and can take remedial action.

While no active exploitation of this vulnerability has been reported in the wild to date, organizations are urged to treat the patch release as an urgent priority.

Failure to apply the updates could leave endpoints susceptible to local privilege escalation attacks, which are often precursors to more extensive network intrusions.

Lenovo’s swift response and automatic deployment mechanism aim to minimize the window of exposure and protect its user base from potential threats.

By proactively updating the Lenovo PC Manager, Browser, and App Store clients, users can ensure the Protection Driver is fortified against buffer overflow attacks.

This incident underscores the importance of maintaining up-to-date security software and highlights the value of collaborative efforts between researchers and vendors in safeguarding digital ecosystems.


Ethan Brooks
Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
