CVE-2025-10699
MEDIUMLenovo LeCloud Client < 2.501.25.0 - Information Disclosure via Improper Certificate Validation
Title source: llmDescription
A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
References (2)
Core 2
Core References
Various Sources
https://iknow.lenovo.com.cn/detail/432379
Various Sources
https://lecloud.lenovo.com/index
Scores
CVSS v3
5.3
EPSS
0.0023
EPSS Percentile
14.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-295
Status
published
Products (1)
Lenovo/LeCloud Client
< 2.501.25.0
Published
Oct 15, 2025
Tracked Since
Feb 18, 2026