CVE-2025-8061

Name of the Vulnerable Software and Affected Versions Lenovo Dispatcher versions prior to 3.1.0.41

Description An insufficient access control issue exists in the Lenovo Dispatcher drivers. This allows an authenticated local user to execute arbitrary code with elevated privileges. The issue involves the use of an MSR (Model-Specific Register, used for toggling and monitoring processor-specific features) read primitive to access kernel addresses and bypass security protections. This does not affect systems where the Windows feature Core Isolation Memory Integrity is enabled.

Recommendations Update to version 3.1.0.41 or later. Enable Windows Core Isolation Memory Integrity to mitigate the risk.