CVE Catalog

CVE-2025-10237

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

1th percentile — higher than 1% of all known CVEs

Summary

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.

Risk Assessment

This vulnerability could lead to unauthorized access to sensitive data or the ability to modify critical system settings by local users with appropriate privileges.

Recommendation

It is recommended to update the embedded controller firmware to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS