CVE-2025-6026
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-21
Assigner: Lenovo Group Ltd.
Description
Description
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lenovo | universal_device_client | 4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper certificate validation issue in the Lenovo Universal Device Client (UDC). It allows an attacker who can intercept network traffic to access encrypted application metadata, such as device information, geolocation, and telemetry data.
How can this vulnerability impact me? :
The vulnerability could lead to unauthorized disclosure of sensitive information including device details, geolocation, and telemetry data by intercepting encrypted communications, potentially compromising privacy and security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70