CVE-2025-10238

8.4HIGH

Key Information:

Vendor: Lenovo
Status: X13 Gen 6 (type 21rk, 21rl) Laptops (thinkpad) BiOS; X1 Carbon 13th Gen (type 21nx, 21ny) Laptops (thinkpad) BiOS; P16v Gen 3 (type 21rs, 21rt) Laptop (thinkpad) BiOS; L16 Gen 1 (type 21l7 21l8) Laptops (thinkpad) BiOS
Vendor: CVE Published:; 10 June 2026

What is CVE-2025-10238?

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).

Affected Version(s)

E14 Gen 4 (type 21E3, 21E4) Laptops (ThinkPad) BIOS 0 < 1.34

E14 Gen 5 (Type 21JR, 21JS) Laptop (ThinkPad) BIOS 0 < 1.29

E14 Gen 6 (Type 21M3, 21M4) Laptops (ThinkPad) BIOS 0 < 1.27

References

https://support.lenovo.com/us/en/product_security/LEN-218282

vendor-advisory

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Sep 10, 2025

CVE-2025-10238 Data

JSON

Lenovo

What is CVE-2025-10238?

Affected Version(s)

References

CVSS V4

Timeline