Critical security flaws present in Lenovo AIO PCs! What to do if affected
Lenovo is warning customers that a number of BIOS security vulnerabilities have been found in Lenovo IdeaCentre and Yoga All-In-One desktops. The support document states that local attackers can execute malicious code in System Management Mode (SMM).
This access usually goes unnoticed and is difficult to reverse because it involves an even higher privilege level than the kernel level. Even a complete reinstallation of the system is therefore not enough to detect and remove any deeply embedded malware once it has been injected, which makes these vulnerabilities particularly dangerous.
Which Lenovo models are affected?
The security vulnerabilities—labeled CVE-2025-4421, CVE-2025-4422, CVE-2025-4423, CVE-2025-4424, CVE-2025-4425, and CVE-2025-4426—were discovered by security researchers from Binarly and reported to Lenovo back in April. Four of them received high severity scores.
According to Lenovo, the following models are known to be affected:
- Lenovo IdeaCentre AIO 3 24ARR9
- Lenovo IdeaCentre AIO 3 27ARR9
- Lenovo Yoga AIO 27IAH10
- Lenovo Yoga AIO 32ILL10
- Lenovo Yoga AIO 9 32IRH8
The vulnerability lies in the Insyde BIOS firmware, which isn’t supplied by Lenovo itself but rather by the Taiwanese company Insyde. That said, devices from other manufacturers don’t appear to be running this particular UEFI version and are therefore not at risk.
What you can do if you’re affected
Lenovo is working on providing comprehensive patches for the security flaws. However, these are currently only available for the two IdeaCentre models. Owners of vulnerable Lenovo Yoga AIO desktops will likely have to wait until September for corresponding updates to be ready.
To download the appropriate patch for your device, you need to find your exact model on Lenovo’s support website, then click on “Drivers and software” and then on “Manual update.” Compare the minimum version for your device in this support document with the latest version published on the support website, then download and install the latest version.
Alternatively, you can also use Lenovo’s update management tool if you have already installed it. You should also check that your PC is still secure and use a reliable antivirus program to reduce the risk of an attack if your device cannot yet be patched.