SB2025092506 - Privilege escalation in Lenovo Dispatcher driver
Published: September 25, 2025 Updated: November 28, 2025
Security Bulletin ID
SB2025092506
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2025-8061)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can execute arbitrary code with elevated privileges.
Note, the vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.
Remediation
Install update from vendor's website.