Lenovo is warning users that several BIOS security vulnerabilities have been discovered in Lenovo IdeaCentre and Yoga All-In-One desktops. The support document states that local attackers can execute malicious code in System Management Mode (SMM).
This access often goes unnoticed and is difficult to reverse, because it involves a privilege level even higher than the kernel's. Even a complete reinstallation of the system is therefore not sufficient to detect and remove deeply embedded malware once it has been injected, which makes these vulnerabilities particularly dangerous.
Which Lenovo models are affected?
The security vulnerabilities—labeled CVE-2025-4421, CVE-2025-4422, CVE-2025-4423, CVE-2025-4424, CVE-2025-4425, and CVE-2025-4426—were discovered by se