CVE-2025-13454

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.

medium 5.5 CVSS 3.1
Published: Jan 14, 2026
Modified: Jun 1, 2026
Vendor: Lenovo
Product: Thinkplus Fu100 Firmware
Versions: gen1

Description

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.

References

Related CVEs

CVE-2025-13453 medium · 4.6
A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
CVE-2022-0354 high · 7.3
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during t