CVE-2025-14058
📋 TL;DR
A missing authentication vulnerability in some Lenovo Tablets allows unauthorized users with physical access to modify Control Center settings when the device is locked, even when the 'Allow Control Center access when locked' option is disabled. This affects Lenovo Tablet users who have disabled this setting but leave devices unattended in a locked state.
💻 Affected Systems
- Lenovo Tablets
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical access could modify critical device settings, potentially enabling further attacks or compromising device functionality and user privacy.
Likely Case
Unauthorized users could change Control Center settings like connectivity options, display settings, or accessibility features when accessing a locked device.
If Mitigated
With proper physical security controls and user awareness, the impact is minimal as it requires physical device access.
🎯 Exploit Status
Exploitation requires physical access to a locked device. No authentication bypass needed beyond physical access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in advisory - check Lenovo support for specific firmware updates
Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-207951
Restart Required: Yes
Instructions:
1. Check Lenovo support site for your specific tablet model.
2. Download and install the latest firmware update.
3. Restart the device after installation.
🔧 Temporary Workarounds
Enable Control Center access when locked
Enable the 'Allow Control Center access when locked' option to prevent the authentication bypass condition
Use stronger lock screen security
Implement PIN, pattern, or biometric authentication instead of swipe-to-unlock
🧯 If You Can't Patch
- Maintain strict physical security controls for devices
- Never leave devices unattended in public or shared spaces
🔍 How to Verify
Check if Vulnerable:
Check whether Control Center settings can be modified when the device is locked with 'Allow Control Center access when locked' disabled
Check Version:
Check Settings > About Tablet > Build Number or Software Version
Verify Fix Applied:
After applying the firmware update, verify Control Center cannot be accessed/modified when the device is locked with the setting disabled
📡 Detection & Monitoring
Log Indicators:
- Unexpected Control Center setting changes
- Access attempts while device locked
Network Indicators:
- None - local physical access only
SIEM Query:
Not applicable - physical access vulnerability