CVE Catalog

CVE-2025-10238

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile — higher than 3% of all known CVEs

Summary

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM).

Risk Assessment

This vulnerability may allow an attacker with local access to execute unauthorized code, posing a serious threat to system integrity.

Recommendation

It is recommended to update the BIOS to the latest version to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS