CVE-2025-13454

MEDIUM 5.5

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.

CWE	CWE-319
Vendor	lenovo
Product	thinkplus fu100
Published	Jan 14, 2026
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for lenovo thinkplus fu100

Be the first to know when new medium vulnerabilities affecting lenovo thinkplus fu100 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Lenovo / ThinkPlus FU100

Gen 1

Lenovo / ThinkPlus FU200

Gen 1

Lenovo / ThinkPlus TU800

Gen 1

Lenovo / ThinkPlus TSD303

Gen 1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

iknow.lenovo.com.cn: https://iknow.lenovo.com.cn/detail/436983

Credits

Lenovo thanks Xusheng Li (Vector 35 Inc) for reporting these issues.