PatchSiren cyber security CVE debrief
CVE-2025-10237 Lenovo CVE debrief
A potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions. The vulnerability has a CVSS score of 8.4 and is classified as HIGH severity.
- Vendor: Lenovo
- Product: X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS
- CVSS: HIGH 8.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Users of affected ThinkPad devices, specifically those with privileged local access.
Technical summary
The vulnerability is located in the ThinkPad embedded controller firmware. A privileged local user could exploit this vulnerability to perform arbitrary reads or writes to privileged memory regions.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor (Lenovo) as soon as possible.
- Restrict access to privileged memory regions.
- Monitor system activity for suspicious behavior.
Evidence notes
The vendor is believed to be Lenovo, based on evidence from the source reference.
Official resources
- CVE-2025-10237 CVE record (CVE.org)
- CVE-2025-10237 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2025-10237 was published on 2026-06-10T15:16:30.540Z and modified on 2026-06-10T19:43:28.857Z.