CVE-2025-11193

5.5 MEDIUM

📋 TL;DR

This vulnerability in some Lenovo tablets allows a local, authenticated user or an installed application to read sensitive device-specific information. Exploitation requires physical or authenticated local access to a vulnerable device. The impact is limited to information disclosure; the flaw does not by itself give an attacker code execution or elevated privileges.

💻 Affected Systems

Products:
  • Lenovo Tablets (specific models not detailed in provided reference)
Versions: Not specified in provided information
Operating Systems: Android-based Lenovo tablet OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices in their default configuration. Specific model numbers and firmware versions would be detailed in the full Lenovo advisory.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access could extract sensitive device identifiers, configuration data, or other proprietary information that could be used in further attacks or for device fingerprinting.

🟠 Likely Case

A malicious application installed on the device, or a user with standard (non-privileged) access, could read device-specific information that the platform's permission model is supposed to keep from them.

🟢 If Mitigated

With proper application sandboxing and privilege separation, the impact would be limited to non-critical device information.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or authenticated access to the device.
🏢 Internal Only: MEDIUM - Internal users with device access could exploit this, but it's information disclosure rather than system takeover.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local, authenticated access. The public description does not name the interface involved; the most likely path is a system API or interface that returns device-specific data without enforcing the intended permission check.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Lenovo security advisory for specific firmware versions

Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-202383

Restart Required: Yes

Instructions:

1. Visit the Lenovo security advisory.
2. Identify your specific tablet model.
3. Download and install the latest firmware update from Lenovo's support site.
4. Reboot the device after installation.

🔧 Temporary Workarounds

Restrict application permissions (applies to: all)

Review and restrict application permissions so that installed apps cannot read device information beyond what they need; remove or disable untrusted apps on affected tablets.

Implement device management controls (applies to: all)

Use an MDM (Mobile Device Management) solution to enforce security policies, control which apps can be installed, and restrict access to sensitive device interfaces.

🧯 If You Can't Patch

  • Isolate vulnerable tablets from sensitive networks and data
  • Implement strict access controls and monitor for suspicious local activity

🔍 How to Verify

Check if Vulnerable:

Check your tablet's firmware version against the patched versions listed in Lenovo's security advisory

Check Version:

Settings → About tablet → Build number / Firmware version (exact path varies by Android version)

Verify Fix Applied:

Verify firmware version has been updated to a version beyond what's listed as vulnerable in the advisory
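Checking one tablet by hand through Settings works, but a fleet is easier to inventory over adb. The script below is an added example, not Lenovo's tooling and not part of the original page: it pulls `ro.product.model`, `ro.build.fingerprint` and `ro.build.version.security_patch` from each attached device and flags any whose patch level is older than a threshold date. The threshold date and the sample `getprop` output are constructed placeholders; the real fixed firmware per model is in LEN-202383, so the verdict `CHECK-ADVISORY` means "compare this build against the advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example (not from Lenovo or the original page): inventory Android
# tablets reachable over adb and flag any whose security patch level is
# older than a threshold you set after reading LEN-202383.
# ASSUMPTION: the threshold date passed to scan/classify is a placeholder,
# not a value taken from the advisory.

# Pull one property out of `adb shell getprop` output, whose lines look like
#   [ro.build.fingerprint]: [Lenovo/.../release-keys]
prop() { # $1 = getprop output, $2 = property name
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]$/\1/p"
}

# Compare ISO dates (YYYY-MM-DD) numerically; returns 0 when the device's
# patch level is on or after the threshold, 1 otherwise or when unparseable.
patched() { # $1 = device security patch level, $2 = threshold date
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    dev=$(printf '%s' "$1" | tr -d -)
    thr=$(printf '%s' "$2" | tr -d -)
    [ "$dev" -ge "$thr" ]
}

# One tab-separated line per device:
# manufacturer, model, build fingerprint, patch level, verdict.
classify() { # $1 = getprop output, $2 = threshold date
    mfr=$(prop "$1" ro.product.manufacturer)
    model=$(prop "$1" ro.product.model)
    fp=$(prop "$1" ro.build.fingerprint)
    spl=$(prop "$1" ro.build.version.security_patch)
    if patched "$spl" "$2"; then verdict=OK; else verdict=CHECK-ADVISORY; fi
    printf '%s\t%s\t%s\t%s\t%s\n' "$mfr" "$model" "$fp" "$spl" "$verdict"
}

# Walk every adb-attached device that is in the "device" state
# (unauthorized/offline devices are skipped). `tr -d '\r'` strips the
# carriage returns adb shell emits on some hosts.
scan() { # $1 = threshold date
    adb devices | awk 'NR>1 && $2=="device" {print $1}' | while read -r serial; do
        props=$(adb -s "$serial" shell getprop | tr -d '\r')
        classify "$props" "$1"
    done
}

# Constructed sample output, not captured from a real device; the model
# name, fingerprint and patch level are placeholders.
SAMPLE_GETPROP='[ro.product.manufacturer]: [LENOVO]
[ro.product.model]: [Lenovo TB-EXAMPLE]
[ro.build.fingerprint]: [Lenovo/TB-EXAMPLE/TB-EXAMPLE:13/EXAMPLE/1:user/release-keys]
[ro.build.version.security_patch]: [2024-06-05]'

if [ "${1:-}" = "scan" ] && command -v adb >/dev/null 2>&1; then
    scan "${2:-2025-01-01}"   # ASSUMPTION: placeholder threshold date
else
    classify "$SAMPLE_GETPROP" 2025-01-01   # demo run on the constructed sample
fi
```

Run it as `sh inventory.sh scan 2025-01-01` (with your own threshold) against tablets that have USB debugging enabled; without arguments it only classifies the embedded sample. Treat every `CHECK-ADVISORY` line as a device whose build fingerprint must be compared against the fixed firmware in LEN-202383, since a security patch date alone does not prove a vendor-specific fix is present.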

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to device information APIs
  • Multiple failed permission requests for sensitive device data

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for local device information disclosure
