CVE-2025-10237
CVE-2025-10237
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
Vulnerability class: POODLE (CVE-2014-3566)
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-10237?
- CVE-2025-10237 is a medium-severity vulnerability, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 6.7/10. Published 2026-06-10.
- How severe is CVE-2025-10237?
- Medium severity. CVSS v3 base score is 6.7 out of 10.