CVE-2025-4422
EfiSmiServices : EfiPcdProtocol, SMM memory corruption vulnerabilities in SMM module
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
30 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
Insyde Software · InsydeH2O