CVE-2025-13454

5.5 MEDIUM

📋 TL;DR

This vulnerability in Lenovo's ThinkPlus configuration software allows a local, authenticated user to read sensitive device information that the software should not expose to that user. It affects organizations that use ThinkPlus for device management. Exposure is limited to accounts that can already log on locally to a system running the software; it is not reachable from the network.

💻 Affected Systems

Products:
  • ThinkPlus configuration software
Versions: Not listed in the cited reference; check the Lenovo advisory for the exact affected and fixed versions
Operating Systems: Windows (assumed from Lenovo's usual client software; the cited advisory does not state the platform)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local authenticated access only; no elevated privileges are described

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated malicious insider extracts sensitive device configuration data and uses it to plan follow-on attacks against the device or to disclose the information.

🟠 Likely Case

Accidental information exposure, or low-privilege users reading device details beyond their authorization level.

🟢 If Mitigated

Minimal impact where local logon is restricted to authorized staff and least privilege is enforced.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring authenticated access.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to gain unauthorized information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local authenticated access; no public exploit details available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Lenovo advisory for specific patched version

Vendor Advisory: https://iknow.lenovo.com.cn/detail/436983

Restart Required: Yes

Instructions:

1. Visit the Lenovo advisory URL.
2. Download the latest ThinkPlus software version.
3. Install the update following the vendor's instructions.
4. Restart the system as required.

🔧 Temporary Workarounds

Restrict Local Access (platforms: all)

Limit local user access to systems running ThinkPlus software to authorized personnel only.

Implement Least Privilege (platforms: all)

Ensure users hold only the minimum permissions they need on systems with ThinkPlus software.

🧯 If You Can't Patch

  • Isolate systems with ThinkPlus software from general user access
  • Implement strict access controls and monitor for unusual local access patterns

🔍 How to Verify

Check if Vulnerable:

Compare the installed ThinkPlus version with the affected range in the Lenovo advisory. If the version is affected, any account that can log on locally to that system (not only administrators) can reach the exposed device information, so treat the system as vulnerable.

Check Version:

Open the ThinkPlus application's 'About' dialog, or read the product's DisplayVersion value from the Windows Uninstall registry keys if it is registered there; consult Lenovo documentation if the version is reported elsewhere.

Verify Fix Applied:

Verify ThinkPlus software has been updated to version specified in Lenovo advisory
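
The following script is an added example for the verification steps above; it is not from the Lenovo advisory or the ThinkPlus product. It assumes (hypothetically) that ThinkPlus registers itself under the standard Windows Uninstall registry keys with a DisplayName containing "ThinkPlus", and it takes the fixed version from the caller, since the page does not name one; read that value from the Lenovo advisory. The version comparison is numeric per component, so "1.0.9" correctly sorts before "1.0.10".

```python
"""Flag installed ThinkPlus builds older than the fixed version from the advisory.

Added example, not Lenovo code. Assumed: ThinkPlus appears under the Windows
Uninstall keys with "ThinkPlus" in DisplayName (hypothetical marker below).
"""
import platform
import re
from typing import Dict, Iterable, List, Tuple

UNINSTALL_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
PRODUCT_MARKER = "thinkplus"  # assumption: DisplayName contains this substring


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.2.3.4' or '1.2.3 Beta' into a tuple of ints; suffixes are ignored."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"no numeric component in version {text!r}")
    return parts


def is_older(installed: str, fixed: str) -> bool:
    """True when installed < fixed; shorter tuples are padded with zeros."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def classify(entries: Iterable[Tuple[str, str]], fixed: str) -> List[Dict[str, object]]:
    """Keep only (DisplayName, DisplayVersion) pairs for ThinkPlus and mark old builds."""
    results = []
    for name, version in entries:
        if PRODUCT_MARKER not in name.lower():
            continue
        results.append({"name": name, "version": version,
                        "vulnerable": is_older(version, fixed)})
    return results


def installed_programs() -> List[Tuple[str, str]]:
    """Read DisplayName/DisplayVersion from both 64- and 32-bit Uninstall views (Windows only)."""
    if platform.system() != "Windows":
        return []
    import winreg  # standard library, Windows only

    found = []
    views = [
        (winreg.HKEY_LOCAL_MACHINE, winreg.KEY_WOW64_64KEY),
        (winreg.HKEY_LOCAL_MACHINE, winreg.KEY_WOW64_32KEY),
        (winreg.HKEY_CURRENT_USER, 0),  # per-user installs
    ]
    for hive, view in views:
        try:
            root = winreg.OpenKey(hive, UNINSTALL_SUBKEY, 0, winreg.KEY_READ | view)
        except OSError:
            continue
        with root:
            index = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                try:
                    with winreg.OpenKey(root, sub) as key:
                        name = winreg.QueryValueEx(key, "DisplayName")[0]
                        version = winreg.QueryValueEx(key, "DisplayVersion")[0]
                except OSError:
                    continue  # entries without a name or version (update stubs etc.)
                found.append((str(name), str(version)))
    return found


if __name__ == "__main__":
    FIXED = "0.0.0"  # placeholder: substitute the fixed version named in the Lenovo advisory
    for hit in classify(installed_programs(), FIXED):
        state = "VULNERABLE" if hit["vulnerable"] else "patched"
        print(f"{hit['name']} {hit['version']}: {state}")
```

Run it as the user who installed ThinkPlus so HKCU entries are visible, and replace the placeholder fixed version with the one from the advisory before trusting the verdict.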

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to ThinkPlus configuration files or processes by non-admin users
  • Multiple failed then successful access attempts to ThinkPlus components

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process creation events (Windows Security Event ID 4688, or Sysmon Event ID 1) whose image path is under the ThinkPlus install directory and whose subject account is not an administrator, OR object access events (Security Event IDs 4656/4663, which require a SACL on the directory) on ThinkPlus configuration directories by non-admin accounts.
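
The script below is an added example of that query logic run over sample events; it is not part of the page or of any Lenovo tooling. It assumes (hypothetically) that ThinkPlus binaries and configuration live under paths containing "ThinkPlus", that events arrive as JSON lines exported from the SIEM with the standard Security-log and Sysmon field names, and that failed object accesses show up as Event ID 4656 with the "Audit Failure" keyword. The event lines embedded in it are constructed for the example, not captured logs. It also covers the "multiple failed then successful access" indicator listed above by counting failures per user and alerting when a success follows them.

```python
"""Triage Windows Security / Sysmon events for non-admin interaction with ThinkPlus.

Added example, not Lenovo or vendor code. Assumed (hypothetical): ThinkPlus paths
contain "ThinkPlus"; events are JSON lines with standard Security-log field names.
"""
import json
from collections import defaultdict
from typing import Any, Dict, Iterable, List, Set

THINKPLUS_MARKER = "thinkplus"  # assumption: binary and config paths contain this
PROCESS_EVENTS = {4688}         # Security: a new process has been created
FILE_EVENTS = {4656, 4663}      # Security: handle requested / object accessed (needs SACL auditing)
SYSMON_PROCESS_CREATE = 1       # Sysmon: process create


def normalize(event: Dict[str, Any]) -> Dict[str, str]:
    """Map Security-log and Sysmon field names onto user / path / kind / outcome."""
    eid = int(event.get("EventID", -1))
    if event.get("Provider") == "Microsoft-Windows-Sysmon" and eid == SYSMON_PROCESS_CREATE:
        user = event.get("User", "").split("\\")[-1]  # strip DOMAIN\ prefix
        return {"user": user, "path": event.get("Image", ""), "kind": "process", "outcome": "Success"}
    if eid in PROCESS_EVENTS:
        return {"user": event.get("SubjectUserName", ""), "path": event.get("NewProcessName", ""),
                "kind": "process", "outcome": "Success"}
    if eid in FILE_EVENTS:
        outcome = event.get("Keywords", "Audit Success").replace("Audit ", "")
        return {"user": event.get("SubjectUserName", ""), "path": event.get("ObjectName", ""),
                "kind": "file", "outcome": outcome}
    return {}


def triage(lines: Iterable[str], admin_users: Set[str], failure_threshold: int = 3) -> List[str]:
    """Return alert strings for non-admin ThinkPlus activity and failure-then-success runs."""
    alerts: List[str] = []
    failures: Dict[str, int] = defaultdict(int)  # user -> consecutive failed ThinkPlus accesses
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = normalize(json.loads(raw))
        if not ev or THINKPLUS_MARKER not in ev["path"].lower():
            continue  # unrelated event or not a ThinkPlus path
        user = ev["user"]
        is_admin = user.lower() in admin_users
        if ev["kind"] == "process" and not is_admin:
            alerts.append(f"non-admin process start: {user} -> {ev['path']}")
        elif ev["kind"] == "file":
            if ev["outcome"] == "Failure":
                failures[user] += 1
                continue
            if not is_admin:
                alerts.append(f"non-admin file access: {user} -> {ev['path']}")
            if failures[user] >= failure_threshold:
                alerts.append(f"{failures[user]} failed accesses then success: {user} -> {ev['path']}")
            failures[user] = 0  # success closes the run either way
    return alerts


ADMIN_USERS = {"svc-admin"}  # constructed allowlist of expected ThinkPlus operators

# Constructed sample events (not real logs); JSON escapes decode to single backslashes.
SAMPLE_EVENTS = [
    '{"EventID": 4688, "SubjectUserName": "svc-admin", "NewProcessName": "C:\\\\Program Files\\\\Lenovo\\\\ThinkPlus\\\\ThinkPlus.exe"}',
    '{"EventID": 4688, "SubjectUserName": "jdoe", "NewProcessName": "C:\\\\Program Files\\\\Lenovo\\\\ThinkPlus\\\\ThinkPlus.exe"}',
    '{"EventID": 4656, "SubjectUserName": "jdoe", "ObjectName": "C:\\\\ProgramData\\\\Lenovo\\\\ThinkPlus\\\\config.xml", "Keywords": "Audit Failure"}',
    '{"EventID": 4656, "SubjectUserName": "jdoe", "ObjectName": "C:\\\\ProgramData\\\\Lenovo\\\\ThinkPlus\\\\config.xml", "Keywords": "Audit Failure"}',
    '{"EventID": 4656, "SubjectUserName": "jdoe", "ObjectName": "C:\\\\ProgramData\\\\Lenovo\\\\ThinkPlus\\\\config.xml", "Keywords": "Audit Failure"}',
    '{"EventID": 4663, "SubjectUserName": "jdoe", "ObjectName": "C:\\\\ProgramData\\\\Lenovo\\\\ThinkPlus\\\\config.xml", "Keywords": "Audit Success"}',
    '{"EventID": 1, "Provider": "Microsoft-Windows-Sysmon", "User": "CORP\\\\jdoe", "Image": "C:\\\\Program Files\\\\Lenovo\\\\ThinkPlus\\\\ThinkPlus.exe"}',
    '{"EventID": 4688, "SubjectUserName": "jdoe", "NewProcessName": "C:\\\\Windows\\\\System32\\\\notepad.exe"}',
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS, ADMIN_USERS):
        print(alert)
```

Feed it the exported JSON lines from your SIEM and keep the allowlist to the accounts that are actually expected to operate ThinkPlus; anything else starting the binary or touching its configuration is the signal this advisory asks you to watch for. Event IDs 4656/4663 only appear if object-access auditing is enabled and a SACL is set on the ThinkPlus directories.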
