Embedded Controller Firmware Vulnerability in Lenovo ThinkPad
CVE-2025-10237
8.4 HIGH
What is CVE-2025-10237?
A potential security flaw has been identified in Lenovo ThinkPad embedded controller firmware that permits a privileged local user to perform arbitrary read or write operations on sensitive memory areas. This vulnerability could lead to unauthorized access to critical system functions and data. Users are advised to monitor for updates and apply security patches to mitigate the risk.
Affected Version(s)
L13 (Type 20R3, 20R4) Laptops (ThinkPad): BIOS versions before 1.45
L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad): BIOS versions before 1.10
L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad): BIOS versions before 1.24