Out-of-Bounds Write Vulnerability in Lenovo ThinkPad BIOS
CVE-2025-10238

8.4 HIGH

What is CVE-2025-10238?

A potential out-of-bounds write vulnerability was identified in the BIOS of select Lenovo ThinkPad products. It could allow a privileged local user to execute arbitrary code in System Management Mode (SMM). Successful exploitation poses a serious risk to system integrity, since it could grant unauthorized access to sensitive operations.

Affected Version(s)

  • E14 Gen 4 (Type 21E3, 21E4) Laptops (ThinkPad): BIOS versions prior to 1.34

  • E14 Gen 5 (Type 21JR, 21JS) Laptops (ThinkPad): BIOS versions prior to 1.29

  • E14 Gen 6 (Type 21M3, 21M4) Laptops (ThinkPad): BIOS versions prior to 1.27

References

CVSS v4

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
