CVE-2025-6026

Low CVSS: 2.3

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.

Vendor

Product

CWE

CWE-295

Yayın Tarihi

2025-10-15 15:16:06

Güncelleme

2025-10-21 13:15:36

Source Identifier

psirt@lenovo.com

KEV Date Added

Kategoriler

CWE-295 LOW 2025

Referanslar

https://support.lenovo.com/us/en/product_security/LEN-198727