
Lenovo BIOS Vulnerabilities Could Allow Undetectable Malware Injection
Lenovo is sounding the alarm over a group of newly disclosed BIOS vulnerabilities that could let attackers plant malware deep within the system firmware of certain IdeaCentre and Yoga All-In-One desktops. The flaws exist in Insyde’s BIOS firmware and give an attacker access to System Management Mode (SMM), a privileged execution mode that runs beneath the operating system and can override nearly every part of it. Because such an implant lives in firmware rather than on disk, it is extremely hard to detect and survives even a complete wipe and reinstall of the operating system.
Six vulnerabilities, identified as CVE-2025-4421 through CVE-2025-4426, were discovered by security researchers at Binarly and reported to Lenovo in April 2025. Four of the six carry a high severity rating, signaling the potential for devastating exploits if left unpatched. Since SMM has more authority than the OS kernel itself, successful exploitation could allow attackers to install firmware-level backdoors that persist invisibly for years.
Lenovo has confirmed that the following systems are affected: the IdeaCentre AIO 3 24ARR9, IdeaCentre AIO 3 27ARR9, Yoga AIO 27IAH10, Yoga AIO 32ILL10, and Yoga AIO 9 32IRH8. So far, patches have been made available only for the two IdeaCentre models. Firmware updates for the impacted Yoga AIO devices are not expected until September 2025, leaving a vulnerability window that could be exploited if users are not cautious.
To reduce your risk, immediately visit Lenovo’s support page to check for updates. Search for your specific model and go to the “Drivers and Software” section. There, you’ll find a “Manual Update” area where you can cross-reference the latest BIOS version with the version listed in Lenovo’s security bulletin. If a newer version is available, download and install it without delay. You can also use Lenovo’s system update utility if it’s already installed on your device.
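As an added illustration of the check described above (not code from the article, Lenovo, or Binarly), the following Python maps `dmidecode` output to the models named in the bulletin and decides the next step for a machine. It assumes the marketing name appears in the System Information `Version` field, and the fixed BIOS versions passed as `fixed_versions` must be taken from Lenovo’s security bulletin, which the article does not quote.

```python
import re

# Models and patch status exactly as the article reports them.
AFFECTED_MODELS = {
    "IdeaCentre AIO 3 24ARR9": "patch available",
    "IdeaCentre AIO 3 27ARR9": "patch available",
    "Yoga AIO 27IAH10": "fix expected September 2025",
    "Yoga AIO 32ILL10": "fix expected September 2025",
    "Yoga AIO 9 32IRH8": "fix expected September 2025",
}

def parse_dmidecode(text):
    """Return (system_version, bios_version) from dmidecode-style output.
    Assumption: the marketing name sits in the 'Version:' field of the
    System Information block, as it does on many Lenovo consumer systems."""
    bios = re.search(r"BIOS Information.*?Version:\s*([^\n]+)", text, re.S)
    system = re.search(r"System Information.*?Version:\s*([^\n]+)", text, re.S)
    return (system.group(1).strip() if system else "",
            bios.group(1).strip() if bios else "")

def assess(text, fixed_versions=None):
    """Decide whether the machine is in scope and which action follows.
    fixed_versions maps model -> fixed BIOS version copied from the bulletin;
    when absent (or still a <placeholder>), the comparison is left to a human."""
    model, bios = parse_dmidecode(text)
    status = AFFECTED_MODELS.get(model)
    result = {"model": model, "bios": bios, "affected": status is not None, "status": status}
    if status is None:
        result["action"] = "not listed in bulletin"
        return result
    fixed = (fixed_versions or {}).get(model)
    if not fixed or fixed.startswith("<"):
        result["action"] = "compare BIOS version against bulletin manually"
    elif bios == fixed:
        result["action"] = "patched"
    else:
        result["action"] = "update required"
    return result

# Constructed sample, not output captured from a real affected machine.
SAMPLE = """BIOS Information
\tVendor: LENOVO
\tVersion: CONSTRUCTED01
\tRelease Date: 01/01/2025
System Information
\tManufacturer: LENOVO
\tProduct Name: CONSTRUCTED-MT
\tVersion: Yoga AIO 27IAH10
"""
```

Run `assess(SAMPLE)` to see the in-scope verdict for the constructed Yoga AIO 27IAH10, or feed it the real `dmidecode` output of a machine under review.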
Until all updates are available, it’s wise to be on high alert. Ensure you’re using a strong antivirus tool, avoid suspicious downloads, and don’t ignore any unusual performance issues. Bear in mind that antivirus running inside the operating system cannot see code executing in SMM, so these measures reduce the chance of an initial compromise rather than detect a firmware implant; the BIOS update is the actual fix. Even though only a handful of models are currently affected, the severity of these BIOS flaws makes them a high priority for both individual users and organizations relying on Lenovo AIO desktops.

