Medium CVE-2025-10237 During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions. CVSS: 6.7 · CWE: CWE-327 View on NVD