Web Camera Firmware Vulnerability in Lenovo Products
CVE-2025-4371

7 HIGH

Key Information:

Vendor: Lenovo

CVE Published: 18 August 2025

What is CVE-2025-4371?

A potential firmware vulnerability has been identified in Lenovo's 510 FHD and Performance FHD web cameras. An attacker with physical access to a device could exploit the flaw to perform arbitrary firmware updates over a USB connection. This raises significant concerns about unauthorized control of the cameras and alteration of their functionality, leaving the devices open to malicious use.

Affected Version(s)

510 FHD Webcam 0 < 4.8.0

Performance FHD Webcam 0 < 4.8.0

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lenovo thanks Mickey Shkatov and Jesse Michael of Eclypsium for reporting this issue.