CVE-2025-14058 PUBLISHED

Assigner: lenovo
Reserved: 04.12.2025 Published: 14.01.2026 Updated: 15.01.2026

A potential missing authentication vulnerability was reported in some Lenovo tablets. It could allow an unauthorized user with physical access to modify Control Center settings while the device is locked and the "Allow Control Center access when locked" option is disabled.

Metrics

CVSS Vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score: 2.4

Product Status

Vendor: Lenovo (all products listed)
Default status: unaffected
Each product is affected from version 0 up to, but excluding, the version shown.

  • Tab M11 TB330FU TB330XU: affected from 0 to 17.0.284 (excl.)
  • Tab K11 TB330FU: affected from 0 to 17.0.284 (excl.)
  • Tab K11 TB330FUP: affected from 0 to 17.0.254 (excl.)
  • Tab K11 TB330XU: affected from 0 to 17.0.084 (excl.)
  • Tab K11 TB330XUP: affected from 0 to 17.0.254 (excl.)
  • Idea Tab Pro TB373FU: affected from 0 to ZUI_17.0.04.266_ST_251120 (excl.)
  • Tab K9 TB305FU: affected from 0 to 17.0.10.118 (excl.)
  • Tab K9 TB305XU: affected from 0 to 17.0.10.098 (excl.)
  • Tab Plus TB351FU: affected from 0 to 17.5.10.023 (excl.)
  • Tab M8 4th Gen 2024 TB301FU: affected from 0 to TB301FU_USR_S000126_250919_MP1V1111_ROW (excl.)
  • Tab M8 4th Gen 2024 TB301XU: affected from 0 to TB301XU_USR_S000147_250919_MP1V1111_ROW (excl.)
  • Tab Extreme TB570ZU TB570FU: affected from 0 to 17.5.184 (excl.)
  • Tab M10 5G TB360ZU: affected from 0 to 16.0.882 (excl.)
  • Tab M8 4th Gen TB300FU: affected from 0 to TB300XU_USR_S100149_250919_MP1V1111_ROW (excl.)
  • Tab M8 4th Gen TB300XU: affected from 0 to TB300FU_USR_S100122_250919_MP1V1111_ROW (excl.)
  • Tab M9 TB310FU: affected from 0 to TB310XU_USR_S000913_2510021921_mp1V969_ROW (excl.)
  • Tab M9 TB310XU: affected from 0 to TB310FU_USR_S000912_2510022135_mp1V969_ROW (excl.)
  • Tab P11 2nd Gen TB350XU: affected from 0 to TB350FU_USER_S231044_2601050946 (excl.)
  • Tab P11 2nd Gen TB350FU: affected from 0 to TB350XU_USER_S231018_2601050930 (excl.)
  • Tab P12 TB370FU: affected from 0 to 17.0.267 (excl.)
  • Tab P12 TB372FU: affected from 0 to 17.0.267 (excl.)
  • Tab K11 Plus LTE TB352FU: affected from 0 to 17.0.10.250 (excl.)
  • Tab K11 Plus LTE TB352XU: affected from 0 to 17.0.10.242 (excl.)
  • Yoga Tab Plus TB520FU: affected from 0 to 17.5.10.036 (excl.)
  • Tab K11 Gen 2 TB336ZU: affected from 0 to 17.0.10.541 (excl.)
  • TAB7: affected from 0 to 17.0.10.541 (excl.)
  • Lenovo Tab with Clear Case TB311FU: affected from 0 to 17.0.30.303 (excl.)
  • Lenovo Tab with Folio Case TB311XU: affected from 0 to 17.0.31.259 (excl.)
  • Legion Tab TB321FU: affected from 0 to 17.5.10.031 (excl.)
  • Legion Tab TB320FC: affected from 0 to 17.0.339 (excl.)
  • Idea Tab TB336FU: affected from 0 to 17.5.10.041 (excl.)

Solutions

Update to the version (or higher) recommended in the advisory: https://support.lenovo.com/us/en/product_security/LEN-207951

Credits

  • Lenovo thanks Pablo Vivanco of DeepSecurity for reporting this issue. (finder)

Problem Types

  • CWE-306: Missing Authentication for Critical Function