CVE-2025-10237

8.4HIGH

Key Information:

Vendor: Lenovo
Status: X13 Gen 6 (type 21rk, 21rl) Laptops (thinkpad) BiOS; X1 Carbon 13th Gen (type 21nx, 21ny) Laptops (thinkpad) BiOS; P16v Gen 3 (type 21rs, 21rt) Laptop (thinkpad) BiOS; L16 Gen 1 (type 21l7 21l8) Laptops (thinkpad) BiOS
Vendor: CVE Published:; 10 June 2026

What is CVE-2025-10237?

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.

Affected Version(s)

L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS 0 < 1.45

L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS 0 < 1.10

L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS 0 < 1.24

References

https://support.lenovo.com/us/en/product_security/LEN-218282

vendor-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Sep 10, 2025

CVE-2025-10237 Data

JSON

Lenovo

What is CVE-2025-10237?

Affected Version(s)

References

CVSS V4

Timeline