CVE-2025-10238: High severity Lenovo ThinkPad BIOS vulnerability
Published Jun 10, 2026
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM).
Affected Software
1 affected component
Lenovo ThinkPad BIOS
Remediation
Information
Update to the version (or newer) as recommended in the advisory: https://support.lenovo.com/us/en/product_security/LEN-218282
Event History
Jun 10, 2026
CVE Published
via MITRE·02:11 PM
Data Sourced
via MITRE·02:11 PM
Remedy, Description, Severity, Weakness
Data Sourced
via NVD·03:16 PM
Description, Severity, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2025-10238?
CVE-2025-10238 has a medium severity rating of 6.7.
2. What type of vulnerability is CVE-2025-10238?
CVE-2025-10238 is an out-of-bounds write vulnerability found in the BIOS of some Lenovo ThinkPad products.
3. Who is affected by CVE-2025-10238?
Privileged local users of affected Lenovo ThinkPad devices are at risk from CVE-2025-10238.
4. How do I fix CVE-2025-10238?
To fix CVE-2025-10238, update the Lenovo ThinkPad BIOS to the recommended version or newer.
5. What could an attacker achieve with CVE-2025-10238?
An attacker could execute code in System Management Mode (SMM) due to the vulnerability in CVE-2025-10238.