Information Disclosure Vulnerability in Lenovo LeCloud Client Application
CVE-2025-10699

6MEDIUM

Key Information:

Vendor: Lenovo
Status: Lecloud Client
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-10699?

A vulnerability in the Lenovo LeCloud client application has been identified that may lead to unintentional exposure of sensitive information under specific conditions. This flaw can potentially allow unauthorized access to confidential data, raising significant security concerns for users and organizations relying on the application.

Affected Version(s)

LeCloud Client 0 <= 2.501.25.0

References

https://iknow.lenovo.com.cn/detail/432379

https://lecloud.lenovo.com/index

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Sep 18, 2025

Credit

Lenovo thanks Wanjie from Huazhong University of Science and Technology for reporting this issue.

JSON