Nixpkgs security tracker

Untriaged

Permalink CVE-2025-13154

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 3 months ago

An improper link following vulnerability was reported in the SmartPerformanceAddin …

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

References

https://support.lenovo.com/us/en/product_security/LEN-208293

Affected products

Vantage

<1.1.0.1111

Matching in nixpkgs

pkgs.typstPackages.vantage-cv_1_0_0

An ATS friendly simple Typst CV template

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.python312Packages.advantage-air

API helper for Advantage Air's MyAir and e-zone API

nixos-unstable 0.4.4
- nixpkgs-unstable 0.4.4
- nixos-unstable-small 0.4.4
nixos-25.11 0.4.4
- nixpkgs-25.11-darwin 0.4.4

pkgs.python312Packages.alpha-vantage

Python module for the Alpha Vantage API

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0
nixos-25.11 3.0.0
- nixpkgs-25.11-darwin 3.0.0

pkgs.python313Packages.advantage-air