CVE-2025-13454
MEDIUMLenovo ThinkPlus FU100/FU200/TU800/TSD303 Firmware - Cleartext Transmission of Sensitive Information
Title source: llmDescription
A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.
References (1)
Core 1
Core References
Various Sources
https://iknow.lenovo.com.cn/detail/436983
Scores
CVSS v3
5.5
EPSS
0.0009
EPSS Percentile
0.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
Status
published
Products (8)
Lenovo/ThinkPlus FU100
Gen 1
Lenovo/ThinkPlus FU200
Gen 1
Lenovo/ThinkPlus TSD303
Gen 1
Lenovo/ThinkPlus TU800
Gen 1
lenovo/thinkplus_fu100_firmware
lenovo/thinkplus_fu200_firmware
lenovo/thinkplus_tsd303_firmware
lenovo/thinkplus_tu800_firmware
Published
Jan 14, 2026
Tracked Since
Feb 18, 2026