Null Pointer Dereference Vulnerability in Lenovo Power Management Driver
CVE-2025-9548

6.8MEDIUM

Key Information:

Vendor: Lenovo
Status: Power Management Driver
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-9548?

A local authenticated user could exploit a null pointer dereference vulnerability present in the Lenovo Power Management Driver. This exploitation may lead to system instability, including a Windows blue screen error. It is crucial for users to apply the latest security updates to mitigate this risk.

Affected Version(s)

Power Management Driver 0 < 1.69.70.0

References

https://support.lenovo.com/us/en/product_security/LEN-203293

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Aug 27, 2025

Credit

Lenovo thanks Sam Dalgleish for reporting this issue.

JSON