CVE-2025-10237
MEDIUMLenovo X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) Bios - Use of a Broken or Risky Cryptographic Algorithm
Title source: ruleDescription
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://support.lenovo.com/us/en/product_security/LEN-218282
Scores
CVSS v3
6.7
EPSS
0.0008
EPSS Percentile
0.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-327
Status
published
Products (50)
Lenovo/L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS
< 1.45
Lenovo/L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS
< 1.10
Lenovo/L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS
< 1.24
Lenovo/L13 Gen 5 (Type 21LB, 21LC) Laptops (ThinkPad) BIOS
< 1.21
Lenovo/L13 Gen 6 (Type 21RB, 21RC) Laptops (ThinkPad) BIOS
< 1.15
Lenovo/L13 Yoga Gen 3 (Type 21B5, 21B6) Laptop (ThinkPad) BIOS
< 1.31
Lenovo/L14 Gen 2 (type 20X5, 20X6) Laptop (ThinkPad) BIOS
< 1.36
Lenovo/L14 Gen 2 Type 20X1 20X2 Laptops (ThinkPad) BIOS
< 1.73
Lenovo/L14 Gen 3 (type 21C1, 21C2) Laptops (ThinkPad) BIOS
< 1.44
Lenovo/L14 Gen 3 (type 21C5, 21C6) Laptops (ThinkPad) BIOS
< 1.36
... and 40 more
Published
Jun 10, 2026
Tracked Since
Jun 10, 2026