CVE-2025-6026 LOW

CVE-2025-6026

Vendor Lenovo
Product Universal Device Client
Weakness CWE-295
Published October 15, 2025
Last update October 21, 2025

CVSS base score

2.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.

Key dates

02Disclosure timeline

October 15, 2025 CVE published
October 21, 2025 Record updated