CNNVD-202507-3757 Information

CNNVD ID

CNNVD-202507-3757

Related CVE

CVE-2025-4423

• CNNVD Published: 2025-07-30

Description (Chinese)

InsydeH2O是中国系微（Insyde）公司的一款可定制固件代码库。 InsydeH2O存在安全漏洞，该漏洞源于SMM模块中的漏洞允许攻击者编写任意代码并导致内存损坏。

Description (English)

InsydeH2O is a custom-made hardware code repository for Insyde. InsydeH2O had a security loophole, which stemmed from a loophole in the SMM module that allowed the attackers to write random codes and cause memory damage.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

系微

Published

2025-07-30

Last Modified

2026-02-24

References

https://support.lenovo.com/us/en/product_security/home https://www.insyde.com/security-pledge/sa-2025007/

Patch

https://www.insyde.com/security-pledge/sa-2025007/