Platform: other
Component: lenovo-tablets-control-center
Fixed in:
17.0.284
17.0.284
17.0.254
17.0.084
17.0.254
ZUI_17.0.04.266_ST_251120
17.0.10.118
17.0.10.098
17.5.10.023
TB301FU_USR_S000126_250919_MP1V1111_ROW
TB301XU_USR_S000147_250919_MP1V1111_ROW
17.5.184
16.0.882
TB300XU_USR_S100149_250919_MP1V1111_ROW
TB300FU_USR_S100122_250919_MP1V1111_ROW
TB310XU_USR_S000913_2510021921_mp1V969_ROW
TB310FU_USR_S000912_2510022135_mp1V969_ROW
TB350FU_USER_S231044_2601050946
TB350XU_USER_S231018_2601050930
17.0.267
17.0.267
17.0.10.250
17.0.10.242
17.5.10.036
17.0.10.541
17.0.10.541
17.0.30.303
17.0.31.259
17.5.10.031
17.0.339
17.5.10.041
CVE-2025-14058 describes a potential missing authentication vulnerability within the Lenovo Tablets Control Center. This flaw could allow an unauthorized user possessing physical access to the device to modify Control Center settings. The vulnerability affects Lenovo Tablets running versions 0–ZUI_17.0.04.266_ST_251120. A fix is available in ZUI_17.0.04.266_ST_251120.
The impact of CVE-2025-14058 is limited to scenarios where an attacker has physical access to a locked Lenovo tablet with the 'Allow Control Center access when locked' option disabled. Successful exploitation would allow the attacker to modify Control Center settings, potentially altering device behavior or accessing sensitive information stored within the application. While the CVSS score is LOW, the physical access requirement and potential for configuration changes represent a security risk, particularly in environments where tablets are frequently misplaced or stolen. This vulnerability is not a remote code execution (RCE) issue; it requires direct interaction with the device.
CVE-2025-14058 is not currently listed on the CISA KEV catalog. Public proof-of-concept (POC) code is not currently available. Given the physical access requirement and LOW CVSS score, the probability of active exploitation is considered low. The vulnerability was disclosed on 2026-01-14.
Exploit Status
EPSS: 0.04% (10th percentile)
The primary mitigation for CVE-2025-14058 is to upgrade Lenovo Tablets to ZUI_17.0.04.266_ST_251120 or later. If immediate upgrade is not possible, consider enabling the 'Allow Control Center access when locked' option, although this reduces the security benefit of a locked screen. Regularly review tablet security settings and ensure that physical access is restricted to authorized personnel. Monitor device logs for any unauthorized modifications to Control Center settings. There are no specific WAF or proxy rules applicable to this vulnerability as it is a local authentication issue.
Update your Lenovo tablet to the latest available operating system version. Ensure the 'Allow Control Center access when locked' option is enabled only if necessary and understand the risks. Refer to the Lenovo security advisory for more details and specific instructions.
CVE-2025-14058 is a security vulnerability affecting Lenovo Tablets Control Center allowing unauthorized modification of settings with physical access if 'Allow Control Center access when locked' is disabled. It has a LOW severity rating.
You are affected if you use Lenovo Tablets running versions 0–ZUI_17.0.04.266_ST_251120 and have the 'Allow Control Center access when locked' option disabled.
Upgrade your Lenovo Tablet to ZUI_17.0.04.266_ST_251120 or later. As a temporary workaround, enable the 'Allow Control Center access when locked' option.
There is currently no evidence of active exploitation of CVE-2025-14058, but the possibility remains.
Please refer to the official Lenovo security advisories on their website for the most up-to-date information regarding CVE-2025-14058.