2025-07-30

Vulnerability Management

Multiple vulnerabilities found in Lenovo devices

(Adobe Stock)

SecurityWeek reports that six security flaws, tracked as CVE-2025-4421 through CVE-2025-4426, affect System Management Mode (SMM) in Lenovo all-in-one desktops and could be leveraged to facilitate persistent implant injections.

According to findings from Binarly, malicious actors could exploit the four high-severity memory corruption flaws to escalate privileges and execute arbitrary code in SMM, while the other medium-severity issues could be abused to disclose information and evade security mechanisms. Aside from launching persistent implants and circumventing SPI flash defenses and Secure Boot, attackers could also break hypervisor isolation via intrusions involving the flaws, which have already been addressed and mitigated by Lenovo. The report comes after Binarly researchers discovered that Gigabyte firmware was affected by several SMM flaws. The firm has also discovered similar security bugs that could be harnessed to evade Secure Boot in DTResearch's UEFI firmware apps.
