CVE-2025-8557

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Orchestrator (LXCO) (affected versions not specified)

Description: An attacker with access to a device on the local network segment may be able to manipulate the device to create an alternate communication channel. This could allow the attacker to directly interact with backend LXCO API services typically inaccessible to users. While access controls may limit the scope of interaction, this could result in unauthorized access to internal functionality or data. This issue is not exploitable from remote networks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.