CVE-2025-4421 HIGH

CVE-2025-4421: EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module

Vendor Insyde Software

Product InsydeH2O

Weakness CWE-787

Published July 30, 2025

Last update August 14, 2025

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home

Key dates

02Disclosure timeline

July 30, 2025 CVE published

August 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4421

Related vulnerabilities

Identifiers

CVE CVE-2025-4421

CWE CWE-787

CVSS 8.2 / HIGH

Affected versions