CVE-2025-8557 | Lenovo XClarity Orchestrator up to 2.1.x LXCO API Service unprotected alternate channel

A vulnerability described as very critical has been identified in Lenovo XClarity Orchestrator up to 2.1.x. Affected by this issue is some unknown functionality of the component LXCO API Service. Such manipulation leads to unprotected alternate channel.

This vulnerability is referenced as CVE-2025-8557. The attack needs to be initiated within the local network. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More