CVE-2025-13453
4.6 MEDIUMA potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on t...
Published: 2026-01-14 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 4.6 MEDIUM
- Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-311
Affected products
| Vendor | Product |
|---|---|
| lenovo | thinkplus_fu100_firmware, thinkplus_fu200_firmware, thinkplus_tsd303_firmware |
Description
A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-13453
- [Vendor advisory]https://iknow.lenovo.com.cn/detail/436983
Related CVEs
Same vendor
- CVE-2025-13454 — A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to ... (5.5 MEDIUM)
- CVE-2022-0354 — A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute ... (7.3 HIGH)
Same CWE
- CVE-2026-53442 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job c... (5.3 MEDIUM)
- CVE-2026-34486 — Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptI... (7.5 HIGH)
- CVE-2020-7567 — A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the ... (5.7 MEDIUM)
- CVE-2017-14852 — An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SS... (8.6 HIGH)