CVE-2025-13453 - Vulnerability Details - OpenCVE

A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Thinkplus Fu100 Thinkplus Fu200 Thinkplus Tsd303 Thinkplus Tu800

No data.

No data.

References

Link	Providers
https://iknow.lenovo.com.cn/detail/436983

History

Wed, 14 Jan 2026 22:30:00 +0000

Type	Values Removed	Values Added
Description		A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
First Time appeared		Lenovo Lenovo thinkplus Fu100 Lenovo thinkplus Fu200 Lenovo thinkplus Tsd303 Lenovo thinkplus Tu800
Weaknesses		CWE-311
CPEs		cpe:2.3:h:lenovo:thinkplus_fu100:gen_1:::::::* cpe:2.3:h:lenovo:thinkplus_fu200:gen_1:::::::* cpe:2.3:h:lenovo:thinkplus_tsd303:gen_1:::::::* cpe:2.3:h:lenovo:thinkplus_tu800:gen_1:::::::*
Vendors & Products		Lenovo Lenovo thinkplus Fu100 Lenovo thinkplus Fu200 Lenovo thinkplus Tsd303 Lenovo thinkplus Tu800
References		https://iknow.lenovo.com.cn/detail/436983
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 7, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2026-01-14T22:18:13.439Z

Updated: 2026-01-14T22:18:13.439Z

Reserved: 2025-11-19T19:32:10.395Z

Link: CVE-2025-13453

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-14T23:15:55.483

Modified: 2026-01-14T23:15:55.483

Link: CVE-2025-13453

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13453", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2025-11-19T19:32:10.395Z", "datePublished": "2026-01-14T22:18:13.439Z", "dateUpdated": "2026-01-14T22:18:13.439Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThinkPlus FU100", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "Gen 1"}]}, {"defaultStatus": "unaffected", "product": "ThinkPlus FU200", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "Gen 1"}]}, {"defaultStatus": "unaffected", "product": "ThinkPlus TU800", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "Gen 1"}]}, {"defaultStatus": "unaffected", "product": "ThinkPlus TSD303", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "Gen 1"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkplus_fu100:gen_1:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkplus_fu200:gen_1:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkplus_tu800:gen_1:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkplus_tsd303:gen_1:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Xusheng Li (Vector 35 Inc) for reporting these issues."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive."}], "value": "A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311: Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2026-01-14T22:18:13.439Z"}, "references": [{"url": "https://iknow.lenovo.com.cn/detail/436983"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Follow the guidance in the Product Impact section in the advisory: <a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/436983\">https://iknow.lenovo.com.cn/detail/436983</a>"}], "value": "Follow the guidance in the Product Impact section in the advisory:\u00a0 https://iknow.lenovo.com.cn/detail/436983"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.3.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive."}], "id": "CVE-2025-13453", "lastModified": "2026-01-14T23:15:55.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2026-01-14T23:15:55.483", "references": [{"source": "psirt@lenovo.com", "url": "https://iknow.lenovo.com.cn/detail/436983"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}