CVE-2025-13454 - Vulnerability Details - OpenCVE

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Thinkplus Fu100 Thinkplus Fu200 Thinkplus Tsd303 Thinkplus Tu800

No data.

No data.

No data.

References

Link	Providers
https://iknow.lenovo.com.cn/detail/436983

History

Wed, 14 Jan 2026 22:30:00 +0000

Type	Values Removed	Values Added
Description		A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.
First Time appeared		Lenovo Lenovo thinkplus Fu100 Lenovo thinkplus Fu200 Lenovo thinkplus Tsd303 Lenovo thinkplus Tu800
Weaknesses		CWE-319
CPEs		cpe:2.3:h:lenovo:thinkplus_fu100:gen_1:::::::* cpe:2.3:h:lenovo:thinkplus_fu200:gen_1:::::::* cpe:2.3:h:lenovo:thinkplus_tsd303:gen_1:::::::* cpe:2.3:h:lenovo:thinkplus_tu800:gen_1:::::::*
Vendors & Products		Lenovo Lenovo thinkplus Fu100 Lenovo thinkplus Fu200 Lenovo thinkplus Tsd303 Lenovo thinkplus Tu800
References		https://iknow.lenovo.com.cn/detail/436983
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 5.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2026-01-14T22:18:18.306Z

Updated: 2026-01-14T22:18:18.306Z

Reserved: 2025-11-19T19:32:11.064Z

Link: CVE-2025-13454

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-14T23:15:55.647

Modified: 2026-01-14T23:15:55.647

Link: CVE-2025-13454

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13454", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2025-11-19T19:32:11.064Z", "datePublished": "2026-01-14T22:18:18.306Z", "dateUpdated": "2026-01-14T22:18:18.306Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThinkPlus FU100", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "Gen 1"}]}, {"defaultStatus": "unaffected", "product": "ThinkPlus FU200", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "Gen 1"}]}, {"defaultStatus": "unaffected", "product": "ThinkPlus TU800", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "Gen 1"}]}, {"defaultStatus": "unaffected", "product": "ThinkPlus TSD303", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "Gen 1"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkplus_fu100:gen_1:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkplus_fu200:gen_1:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkplus_tu800:gen_1:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkplus_tsd303:gen_1:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Xusheng Li (Vector 35 Inc) for reporting these issues."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><div><p>A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.</p></div></div></div>"}], "value": "A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.7, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2026-01-14T22:18:18.306Z"}, "references": [{"url": "https://iknow.lenovo.com.cn/detail/436983"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Follow the guidance in the Product Impact section in the advisory: <a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/436983\">https://iknow.lenovo.com.cn/detail/436983</a>\n\n\n\n<br>"}], "value": "Follow the guidance in the Product Impact section in the advisory: https://iknow.lenovo.com.cn/detail/436983"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.3.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information."}], "id": "CVE-2025-13454", "lastModified": "2026-01-14T23:15:55.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2026-01-14T23:15:55.647", "references": [{"source": "psirt@lenovo.com", "url": "https://iknow.lenovo.com.cn/detail/436983"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}