CVE-2025-11193

Summary

A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.

Affected Software

VendorProductVersion RangeStatus
LenovoTab M11 TB330FU TB330XU0 < TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011affected
LenovoTab M11 TB330FU TB330XU0 < TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011affected
LenovoTab K11 TB330FU TB330FUP TB330XU TB330XUP0 < TB330FU_ROW_OPEN_USER_V5_V_ZUI_17.0.274_ST_251011affected
LenovoTab K11 TB330FU TB330FUP TB330XU TB330XUP0 < TB330XU_ROW_OPEN_USER_V5_V_ZUI_17.0.235_ST_251011affected
LenovoIdea Tab Pro TB373FU0 < 17.0.04.184affected
LenovoTab WiFi 5G0 < 17.0.10.457affected
LenovoTab K9 TB305FU0 < 17.0.10.069affected
LenovoTab K9 TB305XU0 < 17.0.10.065affected
LenovoTab Plus TB520FU0 < 17.0.12.203affected
LenovoTab M8 4th Gen 2024 TB301FU TB301XU0 < TB300FU_USR_S101112_250919_MP1V1111_ROWaffected
LenovoTab M8 4th Gen 2024 TB301FU TB301XU0 < TB300XU_USR_S101103_250919_MP1V1111_ROWaffected
LenovoTab Extreme TB570ZU TB570FU0 < 17.0.104affected
LenovoTab M10 5G TB360ZU0 < 16.0.783affected
LenovoTab M8 4th Gen TB300FU TB300XU0 < TB300FU_USR_S101112_250919_MP1V1111_ROWaffected
LenovoTab M8 4th Gen TB300FU TB300XU0 < TB300XU_USR_S101103_250919_MP1V1111_ROWaffected
LenovoTab M9 TB310FU TB310XU0 < TB310FU_USR_S000912_2510022135_mp1V969_ROWaffected
LenovoTab M9 TB310FU TB310XU0 < TB310XU_USR_S000913_2510021921_mp1V969_ROWaffected
LenovoTab P11 2nd Gen TB350XU TB350FU0 < TB350XU_USER_S230920_2508120308_MP_ROWaffected
LenovoTab P11 2nd Gen TB350XU TB350FU0 < TB350FU_USER_S230917_2508090248_MP_ROWaffected
LenovoTab P12 TB370FU TB372FU0 < TB370FU_ROW_OPEN_USER_V5_V_ZUI_17.0.187_ST_250817affected
LenovoTab P12 TB370FU TB372FU0 < TB372FC_ROW_OPEN_USER_V5_V_ZUI_17.0.116_ST_250822affected
LenovoTab WIFI0 < 17.0.30.303affected
LenovoTab K11 Plus LTE TB352FU TB352XU0 < 17.0.10.213affected
LenovoTab K11 Plus WIFI TB352FU0 < 17.0.10.213affected
LenovoYoga Tab Plus TB520FU0 < 17.5.10.035affected
LenovoTab One TB305FUXU0 < 17.0.10.107affected

Weaknesses

  • CWE-256: CWE-256: Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References