PatchSiren cyber security CVE debrief
CVE-2025-10238 Lenovo CVE debrief
A potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products. A privileged local user could exploit this vulnerability to execute code in System Management Mode (SMM).
- Vendor: Lenovo
- Product: X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS
- CVSS: HIGH 8.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Users of affected ThinkPad products, administrators, and security teams should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 8.4 and is classified as HIGH severity. It was discovered during an internal security assessment.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor (Lenovo) as soon as possible.
- Restrict access to the affected systems to authorized personnel only.
- Monitor system logs for suspicious activity.
Evidence notes
The vendor is Lenovo, as indicated by the evidence in the source item.
Official resources
- CVE-2025-10238 CVE record (CVE.org)
- CVE-2025-10238 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2025-10238 was published on 2026-06-10T15:16:31.053Z and modified on 2026-06-10T19:43:28.857Z.