CVE-2025-8061
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-09-15

Assigner: Lenovo Group Ltd.

Description
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2025-09-15
Generated
2026-06-16
AI Q&A
2025-09-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-8061
EUVD
EUVD-2025-28989
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
lenovo dispatcher 3.0
lenovo dispatcher 3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-782 The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an insufficient access control issue in Lenovo Dispatcher 3.0 and 3.1 drivers used on some Lenovo consumer notebooks. It allows an authenticated local user to execute code with elevated privileges, potentially gaining higher access than intended. The vulnerability does not affect Lenovo Dispatcher 3.2 or systems with Windows Core Isolation Memory Integrity enabled.

Impact Analysis

If exploited, this vulnerability could allow an authenticated local user to run code with elevated privileges, which might lead to unauthorized actions such as installing software, changing system settings, or accessing sensitive data beyond their normal permissions.

Mitigation Strategies

To mitigate this vulnerability, ensure that the Windows feature Core Isolation Memory Integrity is enabled on your system, as this feature prevents the vulnerability from affecting the system. Additionally, avoid using the vulnerable Lenovo Dispatcher 3.0 and 3.1 drivers and upgrade to Lenovo Dispatcher 3.2 or later, which is not affected.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8061. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart