← back
CVE-2025-4424

SetupAutomationSmm : Arbitrary calls to SmmSetVariable with unsanitised arguments in SMI handler

CVSS 6 MEDIUMEPSS 0.2%CWE-20
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N