PT-2025-37259 · Lenovo +1 · Lenovo Dispatcher +1
Published
2025-09-11
·
Updated
2025-10-15
·
CVE-2025-8061
CVSS v3.1
7.0
7.0
High
Base vector | Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lenovo Dispatcher versions 3.0 and 3.1
Description
An insufficient access control issue exists in Lenovo Dispatcher drivers used in some Lenovo consumer notebooks. This flaw could allow a local user with authentication to execute code with elevated privileges. The vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled, which is enabled by default on systems preloaded with Windows 11. Exploitation of this issue involves leveraging a driver's MSR read primitive to access kernel addresses and bypass security protections. The vulnerability is associated with the ability to perform Bring Your Own Vulnerable Driver (BYOVD) attacks, potentially used to kill Endpoint Detection and Response (EDR) systems.
Recommendations
Lenovo Dispatcher version 3.0: Update to a newer version.
Lenovo Dispatcher version 3.1: Update to a newer version.
Enable the Windows feature Core Isolation Memory Integrity to mitigate the risk.
Fix
LPE
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com
Weakness Enumeration
Related Identifiers
CVE-2025-8061
Affected Products
Lenovo Dispatcher
Windows 11
References · 15
- https://nvd.nist.gov/vuln/detail/CVE-2025-8061 · Security Note
- https://twitter.com/CVEnew/status/1966225703332098235 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1nq2t24/top_10_trending_cves_25092025 · Reddit Post
- https://support.lenovo.com/us/en/product_security/LEN-200860 · Note
- https://twitter.com/quarkslab/status/1970533901102915786 · Twitter Post
- https://twitter.com/VulmonFeeds/status/1966367708598980902 · Twitter Post
- https://twitter.com/Dinosn/status/1970678198808502712 · Twitter Post
- https://twitter.com/warthogtk/status/1970560557284565351 · Twitter Post
- https://t.me/OffensiveTwitter/3051 · Telegram Post
- https://reddit.com/r/pwnhub/comments/1o68mxr/critical_lenovo_code_execution_flaw_exposes_users · Reddit Post
- https://twitter.com/autumn_good_35/status/1970726275745808544 · Twitter Post
- https://twitter.com/Dinosn/status/1970562153288798386 · Twitter Post
- https://twitter.com/CyberWarship/status/1977365640500437391 · Twitter Post
- https://twitter.com/CCBalert/status/1970841969757700134 · Twitter Post
- https://twitter.com/DarkWebInformer/status/1978277555628081526 · Twitter Post