Insufficient Access Control in Lenovo Dispatcher Drivers for Consumer Notebooks
CVE-2025-8061

7.3HIGH

Key Information:

Vendor: Lenovo
Status: Dispatcher 3.0 Driver; Dispatcher 3.1 Driver
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-8061?

An insufficient access control vulnerability was identified in the Lenovo Dispatcher drivers (versions 3.0 and 3.1) used in certain Lenovo consumer notebooks. This vulnerability could potentially allow an authenticated local user to execute arbitrary code with elevated privileges, compromising the security of affected systems. However, systems equipped with Windows 11 and utilizing the Core Isolation Memory Integrity feature are not subject to this risk. The vulnerability underscores the importance of regularly updating software and utilizing security features to protect sensitive information.

Affected Version(s)

Dispatcher 3.0 Driver 0 < 3.1.0.41

Dispatcher 3.1 Driver 0 < 3.1.0.41

References

https://support.lenovo.com/us/en/product_security/LEN-200860

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Lenovo thanks YiShun Zeng and Quarkslabs for reporting this issue.