Lenovo devices are affected by several vulnerabilities, including ones that could allow attackers to deploy persistent implants on targeted systems, firmware security and supply chain risk management company Binarly reported on Tuesday.
Binarly discovered a total of six flaws in the Insyde BIOS of Lenovo IdeaCentre and Yoga all-in-one desktop devices, specifically the System Management Mode (SMM), an operating mode designed for low-level system management.
Because SMM loads before the operating system and persists across reinstallation, it can be a perfect target for threat actors looking to bypass Secure Boot (the security feature designed to ensure that only trusted software is loaded on startup) and deploy stealthy malware.
The vulnerabilities have been assigned the CVE identifiers CVE‑2025‑4421 through CVE‑2025‑4426. Four of them have a ‘high severity’ rating, while the rest have been classified as ‘medium severity’.
The high-severity flaws are memory corruption issues that can lead to privilege escalation and arbitrary code execution in the SMM. The medium-severity vulnerabilities can lead to information disclosure and security mechanism bypasses.
Threat actors that have privileged access to the targeted Lenovo device could exploit the vulnerabilities to bypass SPI flash safeguards and SecureBoot, deploy implants that survive reinstallation of the operating system, and even break hypervisor isolation.
Binarly reported the flaws to Lenovo in April and the vendor confirmed the findings in June. Lenovo has now made available patches for IdeaCenter products and is working on fixes for Yoga products.
Both Lenovo and Binarly published security advisories describing the vulnerabilities on Tuesday.
Binarly recently also discovered SMM vulnerabilities affecting Gigabyte firmware. In addition, the company showed last month how vulnerable UEFI firmware applications from DTResearch, a company that makes rugged tablets, laptops and other industrial computers, can be leveraged to bypass Secure Boot on many devices.
*updated with details from Lenovo advisory
Related: Prototype UEFI Bootkit is South Korean University Project; LogoFAIL Exploit Discovered
Related: PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models
Related: Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls
