CVE-2025-14058

CVSS 2.4 LOWEPSS 0.1%CWE-306

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 2.4EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Jan 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected products

Lenovo · Idea Tab Pro TB373FU Lenovo · Idea Tab TB336FU Lenovo · Legion Tab TB320FC Lenovo · Legion Tab TB321FU Lenovo · Lenovo Tab with Clear Case TB311FU Lenovo · Lenovo Tab with Folio Case TB311XU Lenovo · TAB7 Lenovo · Tab Extreme TB570ZU TB570FU Lenovo · Tab K11 Gen 2 TB336ZU Lenovo · Tab K11 Plus LTE TB352FU Lenovo · Tab K11 Plus LTE TB352XU Lenovo · Tab K11 TB330FU Lenovo · Tab K11 TB330FUP Lenovo · Tab K11 TB330XU Lenovo · Tab K11 TB330XUP Lenovo · Tab K9 TB305FU Lenovo · Tab K9 TB305XU Lenovo · Tab M10 5G TB360ZU Lenovo · Tab M11 TB330FU TB330XU Lenovo · Tab M8 4th Gen 2024 TB301FU Lenovo · Tab M8 4th Gen 2024 TB301XU Lenovo · Tab M8 4th Gen TB300FU Lenovo · Tab M8 4th Gen TB300XU Lenovo · Tab M9 TB310FU Lenovo · Tab M9 TB310XU Lenovo · Tab P11 2nd Gen TB350FU Lenovo · Tab P11 2nd Gen TB350XU Lenovo · Tab P12 TB370FU Lenovo · Tab P12 TB372FU Lenovo · Tab Plus TB351FU Lenovo · Yoga Tab Plus TB520FU

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.lenovo.com/us/en/product_security/LEN-207951