CVE-2025-4423

SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption

Description

The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home

INFO

Published Date :

2025-07-30T00:42:01.874Z

Last Modified :

2025-08-14T05:56:57.880Z

Source :

Insyde

AFFECTED PRODUCTS

The following products are affected by CVE-2025-4423 vulnerability.

Vendors	Products
Insyde	Insydeh2o

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-4423.

URL	Resource
https://support.lenovo.com/us/en/product_security/home
https://www.insyde.com/security-pledge/sa-2025007/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact