Embedded Controller Firmware Vulnerability in Lenovo ThinkPad
CVE-2025-10237

8.4 HIGH

What is CVE-2025-10237?

A potential security flaw in Lenovo ThinkPad embedded controller firmware has been identified, permitting a privileged local user to execute arbitrary read or write operations to sensitive memory areas. This vulnerability could lead to unauthorized access to critical system functions and data. Users are advised to monitor for updates and apply security patches to mitigate the risk.

Affected Version(s)

L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS 0 < 1.45

L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS 0 < 1.10

L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS 0 < 1.24

CVSS V4

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
