CVE-2025-4425 (GCVE-0-2025-4425)
Vulnerability from cvelistv5
Published
2025-07-30 00:45
Modified
2025-08-14 05:56
CWE
  • CWE-121 - Stack-based Buffer Overflow
Summary
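The vulnerability was identified in code developed specifically for Lenovo. Please visit the "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability: https://support.lenovo.com/us/en/product_security/home. Per the CNA record below, the issue is a stack-based buffer overflow (CWE-121) in an SMI handler of SetupAutomationSmm, scored CVSS 3.1 8.2 HIGH (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), and InsydeH2O builds of the Lenovo-specific feature earlier than L05.05.40.011803.172079 are listed as affected.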
Impacted products
Vendor Product Version
Insyde Software InsydeH2O Version: Feature developed for Lenovo   < L05.05.40.011803.172079


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-30T13:59:54.430045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T14:00:56.269Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "InsydeH2O",
          "vendor": "Insyde Software",
          "versions": [
            {
              "lessThan": "L05.05.40.011803.172079",
              "status": "affected",
              "version": "Feature developed for Lenovo",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BINARLY REsearch team"
        }
      ],
      "datePublic": "2025-07-30T00:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability was identified in the code developed specifically for Lenovo. Please visit \"Lenovo Product Security Advisories and Announcements\" webpage for more information about the vulnerability.\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/home\"\u003ehttps://support.lenovo.com/us/en/product_security/home\u003c/a\u003e"
            }
          ],
          "value": "The vulnerability was identified in the code developed specifically for Lenovo. Please visit \"Lenovo Product Security Advisories and Announcements\" webpage for more information about the vulnerability.\u00a0 https://support.lenovo.com/us/en/product_security/home"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-14T05:56:26.016Z",
        "orgId": "8338d8cb-57f7-4252-abc0-96fd13e98d21",
        "shortName": "Insyde"
      },
      "references": [
        {
          "url": "https://www.insyde.com/security-pledge/sa-2025007/"
        },
        {
          "url": "https://support.lenovo.com/us/en/product_security/home"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SetupAutomationSmm: Stack overflow vulnerability in SMI handler",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8338d8cb-57f7-4252-abc0-96fd13e98d21",
    "assignerShortName": "Insyde",
    "cveId": "CVE-2025-4425",
    "datePublished": "2025-07-30T00:45:32.592Z",
    "dateReserved": "2025-05-08T03:45:00.211Z",
    "dateUpdated": "2025-08-14T05:56:26.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-4425\",\"sourceIdentifier\":\"8338d8cb-57f7-4252-abc0-96fd13e98d21\",\"published\":\"2025-07-30T01:15:25.540\",\"lastModified\":\"2025-07-31T18:42:37.870\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vulnerability was identified in the code developed specifically for Lenovo. Please visit \\\"Lenovo Product Security Advisories and Announcements\\\" webpage for more information about the vulnerability.\u00a0 https://support.lenovo.com/us/en/product_security/home\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad se identific\u00f3 en el c\u00f3digo desarrollado espec\u00edficamente para Lenovo. Para obtener m\u00e1s informaci\u00f3n sobre la vulnerabilidad, visite la p\u00e1gina web \\\"Avisos y anuncios de seguridad de productos Lenovo\\\": https://support.lenovo.com/us/en/product_security/home\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"8338d8cb-57f7-4252-abc0-96fd13e98d21\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"8338d8cb-57f7-4252-abc0-96fd13e98d21\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"references\":[{\"url\":\"https://support.lenovo.com/us/en/product_security/home\",\"source\":\"8338d8cb-57f7-4252-abc0-96fd13e98d21\"},{\"url\":\"https://www.insyde.com/security-pledge/sa-2025007/\",\"source\":\"8338d8cb-57f7-4252-abc0-96fd13e98d21\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4425\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-30T13:59:54.430045Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-30T14:00:18.429Z\"}}], \"cna\": {\"title\": \"SetupAutomationSmm: Stack overflow vulnerability in SMI handler\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"BINARLY REsearch team\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Insyde Software\", \"product\": \"InsydeH2O\", \"versions\": [{\"status\": \"affected\", \"version\": \"Feature developed for Lenovo\", \"lessThan\": \"L05.05.40.011803.172079\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2025-07-30T00:25:00.000Z\", \"references\": [{\"url\": \"https://www.insyde.com/security-pledge/sa-2025007/\"}, {\"url\": \"https://support.lenovo.com/us/en/product_security/home\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The vulnerability was identified in the code developed specifically for Lenovo. 
Please visit \\\"Lenovo Product Security Advisories and Announcements\\\" webpage for more information about the vulnerability.\\u00a0 https://support.lenovo.com/us/en/product_security/home\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The vulnerability was identified in the code developed specifically for Lenovo. Please visit \\\"Lenovo Product Security Advisories and Announcements\\\" webpage for more information about the vulnerability.\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://support.lenovo.com/us/en/product_security/home\\\"\u003ehttps://support.lenovo.com/us/en/product_security/home\u003c/a\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121: Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"8338d8cb-57f7-4252-abc0-96fd13e98d21\", \"shortName\": \"Insyde\", \"dateUpdated\": \"2025-08-14T05:56:26.016Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-4425\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-14T05:56:26.016Z\", \"dateReserved\": \"2025-05-08T03:45:00.211Z\", \"assignerOrgId\": \"8338d8cb-57f7-4252-abc0-96fd13e98d21\", \"datePublished\": \"2025-07-30T00:45:32.592Z\", \"assignerShortName\": \"Insyde\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

