Lenovo 510/Performance FHD Webcam USB Firmware Write Vulnerability
CVE-2025-4371 Published on August 18, 2025

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.

NVD

Vulnerability Analysis

CVE-2025-4371 can be exploited with physical access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

PHYSICAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Verification of Cryptographic Signature

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Versions

Lenovo 510 FHD Webcam:

Before 4.8.0 is affected.

Lenovo Performance FHD Webcam:

Before 4.8.0 is affected.

Exploit Probability

EPSS

0.02%

Percentile

3.78%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Lenovo 510/Performance FHD Webcam USB Firmware Write VulnerabilityCVE-2025-4371 Published on August 18, 2025

Vulnerability Analysis

Weakness Type

Improper Verification of Cryptographic Signature

Affected Versions

Exploit Probability

Lenovo 510/Performance FHD Webcam USB Firmware Write Vulnerability
CVE-2025-4371 Published on August 18, 2025