#VU117185 Improper certificate validation in Universal Device Client (UDC) - CVE-2025-6026

 


Published: October 15, 2025


Vulnerability identifier: #VU117185
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-6026
CWE-ID: CWE-295
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Universal Device Client (UDC)
Software vendor:
Lenovo

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to improper certificate validation. A remote attacker with the ability to intercept network traffic can perform a MitM attack and obtain encrypted application metadata, including device information, geolocation, and telemetry data.


Remediation

Install updates from the vendor's website.
