Missing Authentication Vulnerability in Lenovo Tablets
CVE-2025-14058

2.4LOW

Key Information:

Vendor: Lenovo
Status: Tab M11 Tb330fu Tb330xu; Tab K11 Tb330fu; Tab K11 Tb330fup; Tab K11 Tb330xu
Vendor: CVE Published:; 14 January 2026

What is CVE-2025-14058?

A vulnerability has been identified in certain Lenovo Tablets that enables unauthorized users with physical access to potentially modify Control Center settings, despite the device being locked. This occurs when the 'Allow Control Center access when locked' feature is disabled, highlighting a security risk that requires immediate attention from users to secure their devices.

Affected Version(s)

Idea Tab Pro TB373FU 0

Idea Tab TB336FU 0 < 17.5.10.041

Legion Tab TB320FC 0 < 17.0.339

References

https://support.lenovo.com/us/en/product_security/LEN-207951

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2026
Vulnerability Reserved
Dec 4, 2025

Credit

Lenovo thanks Pablo Vivanco of DeepSecurity for reporting this issue.

CVE-2025-14058 Data

JSON