PT-2025-42363 · Lenovo · Lenovo Universal Device Client

Published

2025-10-15

Updated

2025-10-21

CVE-2025-6026

CVSS v3.1

3.1

Low

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Lenovo Universal Device Client (UDC) (affected versions not specified)

Description An improper certificate validation issue exists in the Lenovo Universal Device Client (UDC). A user intercepting network traffic may be able to obtain encrypted application metadata, including device information, geolocation, and telemetry data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2025-6026

Affected Products

Lenovo Universal Device Client

PT-2025-42363 · Lenovo · Lenovo Universal Device Client

CVE-2025-6026

Weakness Enumeration

Related Identifiers

Affected Products

References · 6