CVE-2025-10237
MediumCVSS 6.7Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
Risk Assessment
This vulnerability could lead to unauthorized access to sensitive data or the ability to modify critical system settings by local users with appropriate privileges.
Recommendation
It is recommended to update the embedded controller firmware to the latest version to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.

