CVE-2025-10238
MediumCVSS 6.7Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM).
Risk Assessment
This vulnerability may allow an attacker with local access to execute unauthorized code, posing a serious threat to system integrity.
Recommendation
It is recommended to update the BIOS to the latest version to mitigate the risk associated with this vulnerability.
Original NVD description (English source)
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).

