CVE-2025-13454

MEDIUM

ThinkPlus - Info Disclosure

Title source: llm

Description

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.

References (1)

[Various Sources] https://iknow.lenovo.com.cn/detail/436983

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 0.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (8)

Lenovo/ThinkPlus FU100 Gen 1

Lenovo/ThinkPlus FU200 Gen 1

Lenovo/ThinkPlus TSD303 Gen 1

Lenovo/ThinkPlus TU800 Gen 1

lenovo/thinkplus_fu100_firmware

lenovo/thinkplus_fu200_firmware

lenovo/thinkplus_tsd303_firmware

lenovo/thinkplus_tu800_firmware

Published Jan 14, 2026

Tracked Since Feb 18, 2026