Lenovo ThinkPad EC Firmware Local Privilege Escalation: Memory Read/Write
CVE-2025-10237 Published on June 10, 2026

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-10237 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.

Products Associated with CVE-2025-10237

Want to know whenever a new CVE is published for Lenovo products? stack.watch will email you.

Lenovo X13 Gen 6 Type 21rk 21rl Laptops Thinkpad Bios

Lenovo X1 Carbon 13th Gen Type 21nx 21ny Laptops Thinkpad Bios

Lenovo P16v Gen 3 Type 21rs 21rt Laptop Thinkpad Bios

Lenovo L16 Gen 1 Type 21l7 21l8 Laptops Thinkpad Bios

Lenovo T14s Gen 6 Type 21tb 21tc Laptops Thinkpad Bios

Lenovo P14s Gen 6 Type 21qt 21qu Laptops Thinkpad Bios

Lenovo L13 Gen 6 Type 21rb 21rc Laptops Thinkpad Bios

Lenovo L14 Gen 6 Type 21se 21sf Laptops Thinkpad Bios

Lenovo L16 Gen 2 Type 21sc 21sd Laptops Thinkpad Bios

Lenovo X13 Gen 6 Type 21rm 21rn Laptops Thinkpad Bios

Lenovo T14s Gen 6 Type 21r1 21r2 Laptops Thinkpad Bios

Lenovo X1 2 1 Gen 9 Type 21ke 21kf Laptop Thinkpad Bios

Lenovo X1 Fold 16 Gen 1 Type 21es 21et Laptop Thinkpad Bios

Lenovo Z16 Gen 2 Type 21jx 21jy Laptop Thinkpad Bios

Lenovo P16v Gen 1 Type 21fe 21ff Laptop Thinkpad Bios

Lenovo X13 Gen 4 Type 21j3 21j4 Laptop Thinkpad Bios

Lenovo T14s Gen 4 Type 21f8 21f9 Laptop Thinkpad Bios

Lenovo P14s Gen 4 Type 21k5 21k6 Laptop Thinkpad Bios

Lenovo P1 Gen 6 Type 21fv 21fw Laptop Thinkpad Bios

Lenovo P16v Gen 1 Type 21fc 21fd Laptop Thinkpad Bios

Lenovo P16 Gen 2 Type 21fa 21fb Laptop Thinkpad Bios

Lenovo X13 Yoga Gen 4 Type 21f2 21f3 Laptop Thinkpad Bios

Lenovo P16s Gen 2 Type 21hk 21hl Laptop Thinkpad Bios

Lenovo T14s Gen 4 Type 21f6 21f7 Laptop Thinkpad Bios

Lenovo L14 Gen 4 Type 21h1 21h2 Laptop Thinkpad Bios

Lenovo L13 Gen 4 Type 21fg 21fh Laptop Thinkpad Bios

Lenovo X1 Nano Gen 3 Type 21k1 21k2 Laptop Thinkpad Bios

Lenovo S2 Yoga Gen 8 Types 21fu China Only Laptop Thinkpad Bios

Lenovo L15 Gen 4 Type 21h7 21h8 Laptops Thinkpad Bios

Lenovo X1 Yoga 8th Gen Type 21hq 21hr Laptop Thinkpad Bios

Lenovo T14s Gen 6 Type 21m1 21m2 Laptops Thinkpad Bios

Lenovo P15v Gen 3 Type 21en 21em Laptop Thinkpad Bios

Lenovo P16 Gen 1 Type 21d6 21d7 Laptop Thinkpad Bios

Lenovo X1 2 1 Gen 10 Type 21nu 21nv Laptop Thinkpad Bios

Lenovo X9 14 Gen 1 Type 21qa 21qb Laptop Thinkpad Bios

Lenovo T14s Gen 5 Type 21ls 21lt Laptop Thinkpad Bios

Lenovo L14 Gen 5 Type 21l1 21l2 Laptops Thinkpad Bios

Lenovo T14 Gen 3 Type 21ah 21aj Laptop Thinkpad Bios

Lenovo T15p Gen 3 Type 21da 21db Laptop Thinkpad Bios

Lenovo P1 Gen 5 Type 21dc 21dd Laptop Thinkpad Bios

Lenovo T14s Gen 3 Type 21cq 21cr Laptop Thinkpad Bios

Lenovo Z16 Gen 1 Type 21d4 21d5 Laptop Thinkpad Bios

Lenovo T14s Gen 3 Type 21br 21bs Laptop Thinkpad Bios

Lenovo L14 Gen 3 Type 21c1 21c2 Laptops Thinkpad Bios

Lenovo X13 Yoga Gen 3 Type 21aw 21ax Laptop Thinkpad Bios

Lenovo L13 Yoga Gen 3 Type 21b5 21b6 Laptop Thinkpad Bios

Lenovo X1 Nano Gen 2 Type 21e8 21e9 Laptop Thinkpad Bios

Lenovo Thinkpad S2 Gen 7 Type 21bd Bios

Lenovo X1 Yoga 7th Gen Type 21cd 21ce Laptop Thinkpad Bios

Lenovo L14 Gen 3 Type 21c5 21c6 Laptops Thinkpad Bios

Lenovo Thinkpad S2 Yoga Gen 6 Type 20vn China Only Bios

Lenovo X1 Yoga 6th Gen Type 20xy 20y0 Laptop Thinkpad Bios

Lenovo X13 Yoga Gen 2 Type 20w8 20w9 Laptop Thinkpad Bios

Lenovo X13 Gen 2 Type 20wk 20wl Laptop Thinkpad Bios

Lenovo L14 Gen 2 Type 20x5 20x6 Laptop Thinkpad Bios

Lenovo T15g Gen 1 Type 20ur 20us Laptop Thinkpad Bios

Lenovo X13 Gen 2 Type 20xh 20xj Laptop Thinkpad Bios

Lenovo T15p Gen 2 Type 21a7 21a8 Laptop Thinkpad Bios

Lenovo P14s Gen 2 Type 21a0 21a1 Laptop Thinkpad Bios

Lenovo Thinkpad S2 Yoga Gen 6 Type 21ag China Only Bios

Lenovo X1 Extreme 4th Gen Type 20y5 20y6 Laptop Thinkpad Bios

Lenovo P17 Gen 2 Type 20yu 20yv Laptops Thinkpad Bios

Lenovo X1 Titanium Type 20qa 20qb Laptop Thinkpad Bios

Lenovo X1 Nano Gen 1 Type 20un 20uq Laptop Thinkpad Bios

Lenovo X12 Detachable Gen 1 Type 20uw 20uv Laptop Thinkpad Bios

Lenovo X13 Gen 5 Type 21lu 21lv Laptop Thinkpad Bios

Lenovo L14 Gen 2 Type 20x1 20x2 Laptops Thinkpad Bios

Lenovo T16 Gen 4 Type 21qe 21qf Laptops Thinkpad Bios

Lenovo T16 Gen 4 Type 22aw 22ax Laptops Thinkpad Bios

Lenovo T15 Gen 2 Type 20w4 20w5 Laptop Thinkpad Bios

Lenovo X1 Fold Gen 1 Type 20rk 20rl Laptop Thinkpad Bios

Lenovo X1 Extreme 3rd Gen Type 20tk 20tl Laptop Thinkpad Bios

Lenovo T14s Type 20t0 20t1 Laptop Thinkpad Bios

Lenovo T15 Type 20s6 20s7 Laptop Thinkpad Bios

Lenovo X13 Yoga Gen 1 Type 20sx 20sy Laptop Thinkpad Bios

Lenovo X1 Yoga 5th Gen Type 20ub 20uc Laptop Thinkpad Bios

Lenovo X390 Yoga Type 20nn 20nq Laptop Thinkpad Bios

Lenovo X1 Yoga 4th Gen Type 20sa 20sb Laptop Thinkpad Bios

Lenovo X390 Type 20sc 20sd Laptop Thinkpad Bios

Lenovo P73 Type 20qr 20qs Laptop Thinkpad Bios

Lenovo T490 Type 20n2 20n3 Laptop Thinkpad Bios

Lenovo X1 Extreme 2nd Gen Type 20qv 20qw Laptop Thinkpad Bios

Lenovo L390 Type 20nr 20ns Laptops Thinkpad Bios

Lenovo L13 Type 20r3 20r4 Laptops Thinkpad Bios

Lenovo L13 Gen 5 Type 21lb 21lc Laptops Thinkpad Bios

Lenovo P14s Gen 6 Type 21ql 21qm Laptops Thinkpad Bios

Lenovo L13 2 1 Gen 6 Type 21r7 21r8 Laptops Thinkpad Bios

Lenovo L14 Gen 6 Type 21s6 21s7 Laptops Thinkpad Bios

Lenovo T14s Gen 6 Type 21qx 21qy Laptops Thinkpad Bios

Lenovo P1 Gen 7 Type 21kv 21kw Laptop Thinkpad Bios

Lenovo P14s Gen 5 Type 21g2 21g3 Laptops Thinkpad Bios

Lenovo T14 Gen 5 Type 21mc 21md Laptops Thinkpad Bios

Lenovo X12 Detachable Gen 2 Type 21lk 21ll Laptops Thinkpad Bios

Lenovo T16 Gen 3 Type 21mn 21mq Laptops Thinkpad Bios

Lenovo P16v Gen 2 Type 21kx 21ky Laptops Thinkpad Bios

Affected Versions

Lenovo X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS:

Before 1.11 is affected.

Lenovo X1 Carbon 13th Gen (Type 21NX, 21NY) Laptops (ThinkPad) BIOS:

Before 1.15 is affected.

Lenovo P16v Gen 3 (Type 21RS, 21RT) Laptop (ThinkPad) BIOS:

Before and including 1.16 is affected.

Lenovo L16 Gen 1 (Type 21L7 21L8) Laptops (ThinkPad) BIOS:

Before 1.40 is affected.

Lenovo T14s Gen 6 (Type 21TB, 21TC) Laptops (ThinkPad) BIOS:

Before 1.11 is affected.

Lenovo P14s Gen 6 (Type 21QT, 21QU) Laptops (ThinkPad) BIOS:

Before UEFI BIOS V1.22/ECP V1.13 is affected.

Lenovo L13 Gen 6 (Type 21RB, 21RC) Laptops (ThinkPad) BIOS:

Before 1.15 is affected.

Lenovo L14 Gen 6 (Type 21SE, 21SF) Laptops (ThinkPad) BIOS:

Before 1.14 is affected.

Lenovo L16 Gen 2 (Type 21SC, 21SD) Laptops (ThinkPad) BIOS:

Before 1.13 is affected.

Lenovo X13 Gen 6 (Type 21RM, 21RN) Laptops (ThinkPad) BIOS:

Before 1.09 is affected.

Lenovo T14s Gen 6 (Type 21R1, 21R2) Laptops (ThinkPad) BIOS:

Before 1.09 is affected.

Lenovo X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad) BIOS:

Before 1.46 is affected.

Lenovo X1 Fold 16 Gen 1 (Type 21ES, 21ET) Laptop (ThinkPad) BIOS:

Before 1.26 is affected.

Lenovo Z16 Gen 2 (Type 21JX, 21JY) Laptop (ThinkPad) BIOS:

Before 1.37 is affected.

Lenovo P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad) BIOS:

Before 1.65/1.13 is affected.

Lenovo X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad) BIOS:

Before 1.37 is affected.

Lenovo T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad) BIOS:

Before 1.28 is affected.

Lenovo P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad) BIOS:

Before 1.47 is affected.

Lenovo P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad) BIOS:

Before 1.39 / 1.15 is affected.

Lenovo P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad) BIOS:

Before BIOS: 1.66 / ECFW: 1.10 is affected.

Lenovo P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad) BIOS:

Before BIOS: 1.99/ ECFW: 1.58 is affected.

Lenovo X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad) BIOS:

Before 1.22 is affected.

Lenovo P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad) BIOS:

Before 1.52 is affected.

Lenovo T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad) BIOS:

Before 1.23 is affected.

Lenovo L14 Gen 4 (Type 21H1, 21H2) Laptop (ThinkPad) BIOS:

Before 1.34 is affected.

Lenovo L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS:

Before 1.24 is affected.

Lenovo X1 Nano Gen 3 (Type 21K1, 21K2) Laptop (ThinkPad) BIOS:

Before 1.29 / 1.11 is affected.

Lenovo S2 Yoga Gen 8 (Types 21FU) China Only Laptop (ThinkPad) BIOS:

Before 1.28 is affected.

Lenovo L15 Gen 4 (Type 21H7, 21H8) Laptops (ThinkPad) BIOS:

Before 1.27 is affected.

Lenovo X1 Yoga 8th Gen (Type 21HQ, 21HR) Laptop (ThinkPad) BIOS:

Before 1.38 is affected.

Lenovo T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad) BIOS:

Before 1.62/1.12 is affected.

Lenovo P15v Gen 3 (Type 21EN 21EM) Laptop (ThinkPad) BIOS:

Before and including 1.28 is affected.

Lenovo P16 Gen 1 (Type 21D6, 21D7) Laptop (ThinkPad) BIOS:

Before and including 1.70 is affected.

Lenovo X1 2-in-1 Gen 10 (Type 21NU, 21NV) Laptop (ThinkPad) BIOS:

Before 1.39 is affected.

Lenovo X9-14 Gen 1 (Type 21QA, 21QB) Laptop (ThinkPad) BIOS:

Before 1.21 is affected.

Lenovo T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad) BIOS:

Before 1.15 is affected.

Lenovo L14 Gen 5 (Type 21L1, 21L2) Laptops (ThinkPad) BIOS:

Before 1.27 is affected.

Lenovo T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad) BIOS:

Before 1.47/1.27 is affected.

Lenovo T15p Gen 3 (Type 21DA 21DB) Laptop (ThinkPad) BIOS:

Before and including 1.68 is affected.

Lenovo P1 Gen 5 (Type 21DC 21DD) Laptop (ThinkPad) BIOS:

Before 1.30 / 1.15 is affected.

Lenovo T14s Gen 3 (Type 21CQ 21CR) Laptop (ThinkPad) BIOS:

Before 1.51 is affected.

Lenovo Z16 Gen 1 (Type 21D4, 21D5) Laptop (ThinkPad) BIOS:

Before 1.76 is affected.

Lenovo T14s Gen 3 (Type 21BR 21BS) Laptop (ThinkPad) BIOS:

Before 1.49 is affected.

Lenovo L14 Gen 3 (type 21C1, 21C2) Laptops (ThinkPad) BIOS:

Before 1.44 is affected.

Lenovo X13 Yoga Gen 3 (Type 21AW 21AX) Laptop (ThinkPad) BIOS:

Before 1.25 is affected.

Lenovo L13 Yoga Gen 3 (Type 21B5, 21B6) Laptop (ThinkPad) BIOS:

Before 1.31 is affected.

Lenovo X1 Nano Gen 2 (Type 21E8 21E9) Laptop (ThinkPad) BIOS:

Before 1.33 / 1.21 is affected.

Lenovo ThinkPad S2 Gen 7 Type 21BD BIOS:

Before and including 1.36 is affected.

Lenovo X1 Yoga 7th Gen (Type 21CD, 21CE) Laptop (ThinkPad) BIOS:

Before 1.53 is affected.

Lenovo L14 Gen 3 (type 21C5, 21C6) Laptops (ThinkPad) BIOS:

Before 1.36 is affected.

Lenovo ThinkPad S2 Yoga Gen 6 Type 20VN China Only BIOS:

Before 1.38/1.36 is affected.

Lenovo X1 Yoga 6th Gen (Type 20XY, 20Y0) Laptop (ThinkPad) BIOS:

Before 1.76 is affected.

Lenovo X13 Yoga Gen 2 (Type 20W8, 20W9) Laptop (ThinkPad) BIOS:

Before 1.52/ 1.28 is affected.

Lenovo X13 Gen 2 (Type 20WK, 20WL) Laptop (ThinkPad) BIOS:

Before 1.65 is affected.

Lenovo L14 Gen 2 (type 20X5, 20X6) Laptop (ThinkPad) BIOS:

Before 1.36 is affected.

Lenovo T15g Gen 1 (type 20UR 20US) Laptop (ThinkPad) BIOS:

Before and including 1.98 is affected.

Lenovo X13 Gen 2 (Type 20XH, 20XJ) Laptop (ThinkPad) BIOS:

Before 1.36 is affected.

Lenovo T15p Gen 2 (Type 21A7, 21A8) Laptop (ThinkPad) BIOS:

Before and including 1.84 is affected.

Lenovo P14s Gen 2 (type 21A0, 21A1) Laptop (ThinkPad) BIOS:

Before 1.33 is affected.

Lenovo ThinkPad S2 Yoga Gen 6 Type 21AG China Only BIOS:

Before and including 1.38 is affected.

Lenovo X1 Extreme 4th Gen (Type 20Y5, 20Y6) Laptop (ThinkPad) BIOS:

Before 1.34 / 1.19 is affected.

Lenovo P17 Gen 2 (type 20YU, 20YV) Laptops (ThinkPad) BIOS:

Before and including 1.98 is affected.

Lenovo X1 Titanium (Type 20QA, 20QB) Laptop (ThinkPad) BIOS:

Before 1.38 is affected.

Lenovo X1 Nano Gen 1 (Type 20UN 20UQ) Laptop (ThinkPad) BIOS:

Before 1.69 is affected.

Lenovo X12 Detachable Gen 1 (Type 20UW, 20UV) Laptop (ThinkPad) BIOS:

Before and including 1.40 is affected.

Lenovo X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad) BIOS:

Before 1.17 is affected.

Lenovo L14 Gen 2 Type 20X1 20X2 Laptops (ThinkPad) BIOS:

Before 1.73 is affected.

Lenovo T16 Gen 4 (Type 21QE, 21QF) Laptops (ThinkPad) BIOS:

Before 1.12 is affected.

Lenovo T16 Gen 4 (Type 22AW, 22AX) Laptops (ThinkPad) BIOS:

Before 1.08 is affected.

Lenovo T15 Gen 2 (Type 20W4, 20W5) Laptop (ThinkPad) BIOS:

Before 1.69/1.21 is affected.

Lenovo X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) BIOS:

Before and including 1.35 is affected.

Lenovo X1 Extreme 3rd Gen (Type 20TK, 20TL) Laptop (ThinkPad) BIOS:

Before 1.38 / 1.22 is affected.

Lenovo T14s (Type 20T0, 20T1) Laptop (ThinkPad) BIOS:

Before 1.38 is affected.

Lenovo T15 (type 20S6, 20S7) Laptop (ThinkPad) BIOS:

Before and including 1.34 is affected.

Lenovo X13 Yoga Gen 1 (Type 20SX, 20SY) Laptop (ThinkPad) BIOS:

Before 1.58 / 1.18 is affected.

Lenovo X1 Yoga 5th Gen (Type 20UB, 20UC) Laptop (ThinkPad) BIOS:

Before 1.41 is affected.

Lenovo X390 Yoga (Type 20NN, 20NQ) Laptop (ThinkPad) BIOS:

Before 2.06 / 1.23 is affected.

Lenovo X1 Yoga 4th Gen (Type 20SA, 20SB) Laptop (ThinkPad) BIOS:

Before 1.67 / 1.56 is affected.

Lenovo X390 (Type 20SC, 20SD) Laptop (ThinkPad) BIOS:

Before and including 1.87 is affected.

Lenovo P73 (type 20QR, 20QS) Laptop (Thinkpad) BIOS:

Before and including 2.01 is affected.

Lenovo T490 (Type 20N2, 20N3) Laptop (ThinkPad) BIOS:

Before 1.85/1.26 is affected.

Lenovo X1 Extreme 2nd Gen (Type 20QV, 20QW) Laptop (ThinkPad) BIOS:

Before 1.56 / 1.26 is affected.

Lenovo L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS:

Before 1.53 is affected.

Lenovo L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS:

Before 1.45 is affected.

Lenovo L13 Gen 5 (Type 21LB, 21LC) Laptops (ThinkPad) BIOS:

Before 1.21 is affected.

Lenovo P14s Gen 6 (Type 21QL, 21QM) Laptops (ThinkPad) BIOS:

Before 1.17 is affected.

Lenovo L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS:

Before 1.10 is affected.

Lenovo L14 Gen 6 (Type 21S6, 21S7) Laptops (ThinkPad) BIOS:

Before 1.06 is affected.

Lenovo T14s Gen 6 (Type 21QX, 21QY) Laptops (ThinkPad) BIOS:

Before 1.10 is affected.

Lenovo P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad) BIOS:

Before 1.18 / 1.14 is affected.

Lenovo P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad) BIOS:

Before 1.26 is affected.

Lenovo T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad) BIOS:

Before 1.18 is affected.

Lenovo X12 Detachable Gen 2 (Type 21LK, 21LL) Laptops (ThinkPad) BIOS:

Before 1.22 / 1.15 is affected.

Lenovo T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad) BIOS:

Before 1.16 is affected.

Lenovo P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad) BIOS:

Before and including 1.20 is affected.

Exploit Probability

EPSS

0.08%

Percentile

0.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Lenovo ThinkPad EC Firmware Local Privilege Escalation: Memory Read/WriteCVE-2025-10237 Published on June 10, 2026

Vulnerability Analysis

Weakness Type

Use of a Broken or Risky Cryptographic Algorithm

Products Associated with CVE-2025-10237

Affected Versions

Exploit Probability

Lenovo ThinkPad EC Firmware Local Privilege Escalation: Memory Read/Write
CVE-2025-10237 Published on June 10, 2026