CVE-2025-13455
📋 TL;DR
A local authentication bypass in the ThinkPlus configuration software lets an authenticated local user enroll untrusted fingerprints on ThinkPlus devices. Organizations that rely on ThinkPlus biometric authentication are affected wherever local users can run the configuration software. Once an unauthorized fingerprint is enrolled, the device accepts it like any legitimate one, so the bypass undermines the biometric control itself.
💻 Affected Systems
- ThinkPlus configuration software
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
A malicious insider or an attacker with a compromised local account enrolls their own fingerprint and gains persistent access to areas or systems protected by ThinkPlus biometric authentication, without needing the legitimate user's finger or credentials.
Likely Case
A local user with legitimate access to the configuration software bypasses the enrollment controls and adds fingerprints for people who were never authorized, giving them access to the protected resources.
If Mitigated
With access to the configuration software restricted to administrators and enrollment events logged and reviewed, an attempt is detected as a policy violation before the rogue fingerprint is used, and the impact is limited to that.
🎯 Exploit Status
Exploitation requires local, authenticated access to the configuration software; no remote vector is described. The flaw is described as an authentication bypass in the fingerprint enrollment process.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in advisory
Vendor Advisory: https://iknow.lenovo.com.cn/detail/436983
Restart Required: Yes
Instructions:
1. Visit Lenovo's security advisory page.
2. Download the latest ThinkPlus configuration software update.
3. Install the update on all systems running ThinkPlus configuration software.
4. Restart affected systems.
🔧 Temporary Workarounds
Restrict configuration software access
Limit access to the ThinkPlus configuration software to authorized administrators only; ordinary local users should not be able to launch it.
Monitor fingerprint enrollment logs
Implement logging and alerting for fingerprint enrollment activity so that unexpected enrollments are caught before the new fingerprint is used.
🧯 If You Can't Patch
- Implement strict access controls to limit who can run ThinkPlus configuration software
- Enable detailed audit logging for all fingerprint enrollment activities and review regularly
🔍 How to Verify
Check if Vulnerable:
Check ThinkPlus configuration software version against Lenovo's security advisory. Systems running unpatched versions are vulnerable.
Check Version:
The advisory does not state a version-check method; check the version within the ThinkPlus configuration software interface, or consult the software documentation.
Verify Fix Applied:
Verify ThinkPlus configuration software has been updated to the patched version specified in Lenovo's advisory.
📡 Detection & Monitoring
Log Indicators:
- Unexpected fingerprint enrollment events
- Multiple fingerprint enrollments from single user account
- Enrollment attempts outside normal business hours
Network Indicators:
- Exploitation is local, so network telemetry is not expected to show it; unusual traffic to or from hosts running ThinkPlus configuration software is at best a secondary indicator.
SIEM Query (Splunk SPL; the source and field names are assumed and must be mapped to your actual log schema):
source="thinkplus" AND (event_type="enrollment" OR event_type="fingerprint_add") | bin _time span=1h | stats count by user, _time | where count > 1
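The log indicators above can be checked offline against exported enrollment logs. The following is an added example, not Lenovo's code and not tied to any real ThinkPlus log format: it assumes a constructed `timestamp key=value ...` line format, assumed field names (`user`, `event`), business hours of 08:00 to 18:00, and a burst threshold of three enrollments within ten minutes. It flags enrollments outside business hours and accounts enrolling many fingerprints in a short window, the two patterns the indicator list names.

```python
"""Flag suspicious fingerprint-enrollment activity in exported logs.

Added example; not Lenovo's code. The log line format, field names and
thresholds below are assumptions for illustration. Adapt parse_line() to
whatever your ThinkPlus or endpoint logs actually look like.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real ThinkPlus output).
SAMPLE_LOG = """\
2025-11-03 09:12:41 host=WS-0417 user=jsmith event=fingerprint_add finger=right_index result=ok
2025-11-03 09:13:05 host=WS-0417 user=jsmith event=fingerprint_add finger=right_thumb result=ok
2025-11-03 09:13:30 host=WS-0417 user=jsmith event=fingerprint_add finger=left_index result=ok
2025-11-03 09:14:02 host=WS-0417 user=jsmith event=fingerprint_add finger=left_thumb result=ok
2025-11-03 14:20:11 host=WS-0102 user=mlee event=fingerprint_add finger=right_index result=ok
2025-11-03 23:47:58 host=WS-0233 user=svc_kiosk event=fingerprint_add finger=right_index result=ok
2025-11-04 08:01:15 host=WS-0102 user=mlee event=login result=ok
"""

BUSINESS_HOURS = (8, 18)          # assumed: 08:00 to 18:00 local time
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 3               # assumed: this many enrollments in the window is suspicious
ENROLL_EVENTS = {"enrollment", "fingerprint_add"}  # assumed event names


def parse_line(line):
    """Parse one 'YYYY-MM-DD HH:MM:SS key=value ...' line into a dict, or None."""
    parts = line.split()
    if len(parts) < 3:
        return None
    ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    rec = {"ts": ts}
    for kv in parts[2:]:
        if "=" in kv:
            key, value = kv.split("=", 1)
            rec[key] = value
    return rec


def enrollment_events(log_text):
    """Keep only records whose event is a fingerprint enrollment."""
    return [r for r in map(parse_line, log_text.splitlines())
            if r and r.get("event") in ENROLL_EVENTS]


def find_after_hours(events, hours=BUSINESS_HOURS):
    """Enrollments whose hour-of-day falls outside [start, end)."""
    start, end = hours
    return [e for e in events if not (start <= e["ts"].hour < end)]


def find_bursts(events, window=BURST_WINDOW, threshold=BURST_THRESHOLD):
    """Return {user: max_count} for users with >= threshold enrollments in any sliding window."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e["ts"])
    hits = {}
    for user, times in by_user.items():
        lo = 0
        for hi in range(len(times)):
            # Advance the window start until it spans at most `window`.
            while times[hi] - times[lo] > window:
                lo += 1
            n = hi - lo + 1
            if n >= threshold:
                hits[user] = max(hits.get(user, 0), n)
    return hits


def report(log_text=SAMPLE_LOG):
    """Summarize the indicators for a block of log text."""
    events = enrollment_events(log_text)
    return {
        "total_enrollments": len(events),
        "after_hours": sorted({e["user"] for e in find_after_hours(events)}),
        "bursts": find_bursts(events),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

On the constructed sample the report flags `svc_kiosk` for a 23:47 enrollment and `jsmith` for four enrollments within two minutes; a single user enrolling several fingers in one sitting can be legitimate, so treat the burst rule as a triage signal and confirm against the enrollment request records before escalating.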