Lenovo update for Intel Ethernet Connections Boot Utility software
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Unquoted Search Path or Element
EUVDB-ID: #VU109161
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20015
CWE-ID:
CWE-428 - Unquoted Search Path or Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to uncontrolled search path element. A local user can gain elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsThinkStation P7 Intel Workstation: All versions
ThinkStation P5 Workstation: All versions
ThinkStation P920 Workstation: All versions
ThinkStation P720 Workstation: All versions
ThinkStation P520c Workstation: All versions
ThinkStation P520 Workstation: All versions
Intel Ethernet Connection Driver for Windows 11 (Version 24H2) - ThinkStation P7: before 1.3534.0
Intel Ethernet Connection Driver for Windows 11 (Version 24H2) - ThinkStation P5: before 1.3534.0
Intel(R) Ethernet Connection Driver for Windows 11 (Version 22H2 or Later) - ThinkStation P520, P520C, P720, P920: before 1.3534.0
Intel(R) Ethernet Connection Driver for Windows 11 IoT (Version 24H2) - ThinkStation P5, P7: before 1.3534.0
CPE2.3- cpe:2.3:h:lenovo:thinkstation_p7_intel_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:thinkstation_p5_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:thinkstation_p920_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:thinkstation_p720_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:thinkstation_p520c_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:thinkstation_p520_workstation:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:intel_ethernet_connection_driver_for_windows_11_version_24h2_-_thinkstation_p7:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:intel_ethernet_connection_driver_for_windows_11_version_24h2_-_thinkstation_p5:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:intelr_ethernet_connection_driver_for_windows_11_version_22h2_or_later_-_thinkstation_p520_p520c_p720_p920:*:*:*:*:*:*:*:*
- cpe:2.3:h:lenovo:intelr_ethernet_connection_driver_for_windows_11_iot_version_24h2_-_thinkstation_p5_p7:*:*:*:*:*:*:*:*
https://support.lenovo.com/us/en/product_security/LEN-189578
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
