Improper Certificate Validation in Lenovo Universal Device Client
CVE-2025-6026
2.3 LOW
What is CVE-2025-6026?
An improper certificate validation vulnerability exists in the Lenovo Universal Device Client (UDC). The flaw could allow unauthorized users who are able to intercept network traffic to obtain sensitive encrypted application metadata, which may include critical device information, geolocation details, and telemetry data. Proper validation of certificates is essential to safeguard against such interception and data exposure risks.
Affected Version(s)
Universal Device Client 0 < 25.7.0.21
References
CVSS V4
Score: 2.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lenovo thanks Tomi Koski from Visma / Red Team for reporting this issue.