CVE-2025-4426

Vulnerability

Overview CVE-2025-4426 is an information disclosure vulnerability found in the SetupAutomationSmm component of Lenovo UEFI firmware. The SMM (System Management Mode) module mishandles memory boundaries, leading to exposure of sensitive data stored in SMRAM (CWE-200). An attacker with local administrative privileges can leverage this flaw to read memory contents that should be protected [1].

Exploitation

Context Exploitation requires high privileges (PR:H) and local access (AV:L). The attack is launched via a crafted SMI (System Management Interrupt) handler call that does not properly validate memory access. Because the CVSS vector indicates user interaction is not needed (UI:N) and the scope is changed (S:C), the attacker can escape the normal SMM sandbox and access memory regions outside the intended boundary [1].

Impact

A successful attack results in disclosure of SMRAM contents, which may contain sensitive firmware secrets, cryptographic keys, or system configuration data. The confidentiality impact is partial, but the integrity impact is none; the attacker cannot modify memory, only read it. This information could be used to stage further attacks against the platform [1].

Mitigation

Status Lenovo has been notified and directs customers to its Product Security Advisories page for updates. Insyde, the BIOS vendor, also published advisory SA-2025007 covering this and related SMM vulnerabilities [1]. Users should apply the latest firmware update provided by their device manufacturer as soon as possible. No publicly available exploit code has been reported at the time of disclosure.