CVE-2025-14058 LOW

CVE-2025-14058

Vendor Lenovo
Product Tab M11 TB330FU TB330XU
Weakness CWE-306 · Missing auth
Published January 14, 2026
Last update January 15, 2026

CVSS base score

2.4/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.

Key dates

02Disclosure timeline

January 14, 2026 CVE published
January 15, 2026 Record updated