CVE-2025-1700
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-07-17
Assigner: Lenovo Group Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| motorola | rescue_and_smart_assistant | * |
| motorola | software_fix | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-1700 is a high-severity DLL hijacking vulnerability in the Motorola Software Fix installer (including Rescue and Smart Assistant). A local attacker can escalate privileges by repackaging the application with a malicious DLL or tricking the user into placing a malicious DLL in a directory the application loads libraries from. [1]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to escalate privileges during the installation of the Motorola Software Fix software, potentially compromising the affected system. However, the impact is limited to the Motorola Software Fix application. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Motorola Software Fix installer to version 7.3 or higher, as these versions contain the fix. Additionally, only download Motorola and Lenovo applications from the official Motorola or Lenovo websites to avoid tampered installers. [1]