CVE-2025-8061
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-09-15
Assigner: Lenovo Group Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lenovo | dispatcher | 3.0 |
| lenovo | dispatcher | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-782 | The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an insufficient access control issue in Lenovo Dispatcher 3.0 and 3.1 drivers used on some Lenovo consumer notebooks. It allows an authenticated local user to execute code with elevated privileges, potentially gaining higher access than intended. The vulnerability does not affect Lenovo Dispatcher 3.2 or systems with Windows Core Isolation Memory Integrity enabled.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an authenticated local user to run code with elevated privileges, which might lead to unauthorized actions such as installing software, changing system settings, or accessing sensitive data beyond their normal permissions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Windows feature Core Isolation Memory Integrity is enabled on your system, as this feature prevents the vulnerability from affecting the system. Additionally, avoid using the vulnerable Lenovo Dispatcher 3.0 and 3.1 drivers and upgrade to Lenovo Dispatcher 3.2 or later, which is not affected.