CVE-2025-10237: High severity Lenovo ThinkPad embedded controller firmware vulnerability
Published Jun 10, 2026
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
Affected Software
1 affected component
Lenovo ThinkPad embedded controller firmware
Remediation
Information
Update to the firmware version recommended in the advisory (or newer): https://support.lenovo.com/us/en/product_security/LEN-218282
Event History
Jun 10, 2026
CVE Published
via MITRE · 02:10 PM
Data Sourced
via MITRE · 02:10 PM
Remedy, Description, Severity, Weakness
Data Sourced
via NVD · 03:16 PM
Description, Severity, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2025-10237?
CVE-2025-10237 has a medium severity rating of 6.7.
2. How do I fix CVE-2025-10237?
To fix CVE-2025-10237, update to the recommended version of the Lenovo ThinkPad embedded controller firmware.
3. What are the potential impacts of CVE-2025-10237?
CVE-2025-10237 could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
4. Which devices are affected by CVE-2025-10237?
CVE-2025-10237 affects certain Lenovo ThinkPad embedded controller firmware.
5. What type of vulnerability is CVE-2025-10237?
CVE-2025-10237 is a local privilege escalation vulnerability.