Lenovo Dispatcher 3.0-3.1: Insufficient Access Control (Elevated Privileges)
CVE-2025-8061 Published on September 11, 2025
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.
Vulnerability Analysis
CVE-2025-8061 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Exposed IOCTL with Insufficient Access Control
The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
Products Associated with CVE-2025-8061
stack.watch emails you whenever new vulnerabilities are published in Lenovo Dispatcher 3 0 Driver or Lenovo Dispatcher 3 1 Driver. Just hit a watch button to start following.
Affected Versions
Lenovo Dispatcher 3.0 Driver:- Before 3.1.0.41 is affected.
- Before 3.1.0.41 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.