CVE-2025-8061: CWE-782: Exposed IOCTL with Insufficient Access Control in Lenovo Dispatcher 3.0 Driver
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.
AI Analysis
Technical Summary
CVE-2025-8061 is a high-severity vulnerability identified in the Lenovo Dispatcher 3.0 and 3.1 drivers, which are components used in certain Lenovo consumer notebooks. The vulnerability stems from an exposed IOCTL (Input Output Control) interface that lacks sufficient access control, classified under CWE-782 (Exposed IOCTL with Insufficient Access Control). This flaw allows an authenticated local user with limited privileges to execute arbitrary code with elevated privileges, effectively enabling privilege escalation on affected systems. The vulnerability does not impact Lenovo Dispatcher 3.2 or later versions. Additionally, systems with the Windows Core Isolation Memory Integrity feature enabled are not vulnerable; this feature is enabled by default on Lenovo devices preloaded with Windows 11. The CVSS v4.0 base score is 7.3, indicating a high severity level. The vector string (AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) shows that the attack requires local access with high attack complexity and low privileges but no user interaction. The vulnerability affects confidentiality, integrity, and availability at a high level, allowing attackers to gain elevated code execution capabilities. No known exploits are currently reported in the wild, and no patches or updates have been linked yet. This vulnerability poses a significant risk to affected Lenovo consumer notebooks running Dispatcher 3.0 or 3.1 drivers without Core Isolation Memory Integrity enabled.
Potential Impact
For European organizations using Lenovo consumer notebooks with Dispatcher 3.0 or 3.1 drivers, this vulnerability presents a serious risk of local privilege escalation. An attacker or malicious insider with authenticated local access could leverage this flaw to gain administrative control over the system, potentially leading to unauthorized access to sensitive data, installation of persistent malware, or disruption of system availability. This is particularly concerning for organizations with bring-your-own-device (BYOD) policies or those that allow local user access without strict endpoint controls. The fact that Windows 11 systems with Core Isolation Memory Integrity enabled are not affected reduces the risk for newer devices or those with updated security configurations. However, many enterprises in Europe still operate legacy hardware or have not fully adopted Windows 11, leaving them exposed. The vulnerability could facilitate lateral movement within networks, compromise endpoint security, and undermine trust in Lenovo hardware platforms. Given the high severity and the potential for privilege escalation, organizations must prioritize identification and remediation to prevent exploitation.
Mitigation Recommendations
1. Verify and inventory Lenovo consumer notebooks to identify devices running Dispatcher 3.0 or 3.1 drivers.
2. Enable Windows Core Isolation Memory Integrity on all affected devices where possible, as this feature mitigates the vulnerability effectively.
3. Upgrade Lenovo Dispatcher drivers to version 3.2 or later once available from Lenovo, as these versions are not affected.
4. Restrict local user access to trusted personnel only and enforce least privilege principles to reduce the risk of exploitation by authenticated users.
5. Implement endpoint detection and response (EDR) solutions capable of monitoring suspicious local privilege escalation attempts and IOCTL calls.
6. Monitor Lenovo security advisories closely for patches or updates addressing this vulnerability and apply them promptly.
7. For devices that cannot be updated or have Core Isolation disabled, consider isolating them from sensitive networks or applying additional host-based security controls to limit potential damage.
8. Conduct user awareness training to highlight the risks of local privilege escalation and the importance of device security hygiene.
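One way to run the inventory and Memory Integrity checks from steps 1 and 2 on a single host, as an added example that is not Lenovo's or this page's code. It assumes the operator supplies the driver file name (this page does not give it) and that the driver's file version carries the Dispatcher version number.

```powershell
# Added example: per-host exposure check for CVE-2025-8061.
param(
    # Assumption: this page does not name the driver file; take it from Lenovo's advisory.
    [Parameter(Mandatory)][string]$DriverFileName
)

function Test-MemoryIntegrity {
    # Win32_DeviceGuard.SecurityServicesRunning contains 2 when hypervisor-enforced
    # code integrity (Core Isolation > Memory Integrity) is actually running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))
}

function Get-DriverVersion {
    param([string]$FileName)
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and (($_.PathName -split '\\')[-1] -ieq $FileName) } |
        ForEach-Object {
            # Kernel driver paths may carry an NT prefix (\??\ or \SystemRoot); normalise it.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
            $vi = (Get-Item -LiteralPath $path -ErrorAction SilentlyContinue).VersionInfo
            [pscustomobject]@{
                Service = $_.Name; State = $_.State; Path = $path
                Major = $vi.FileMajorPart; Minor = $vi.FileMinorPart
            }
        }
}

$memoryIntegrity = Test-MemoryIntegrity
$drivers = @(Get-DriverVersion -FileName $DriverFileName)
if ($drivers.Count -eq 0) {
    [pscustomobject]@{ Host = $env:COMPUTERNAME; Status = 'DriverNotFound' }
}
foreach ($d in $drivers) {
    # Assumption: the file version mirrors the Dispatcher version (3.0, 3.1, 3.2).
    $status = if ($null -eq $d.Major) { 'VersionUnreadable-ReviewManually' }
    elseif ($d.Major -eq 3 -and $d.Minor -in 0, 1) {
        if ($memoryIntegrity) { 'AffectedVersion-MemoryIntegrityOn' } else { 'Exposed' }
    } else { 'VersionNotListedAsAffected' }
    [pscustomobject]@{
        Host = $env:COMPUTERNAME; Driver = $d.Path; Version = "$($d.Major).$($d.Minor)"
        MemoryIntegrity = $memoryIntegrity; Status = $status
    }
}
```

Hosts reporting `Exposed` are the ones to prioritise for steps 2 and 3. Hosts reporting `AffectedVersion-MemoryIntegrityOn` still need the driver upgrade, since the mitigation lasts only while Memory Integrity stays enabled.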
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: lenovo
- Date Reserved: 2025-07-22T20:46:17.396Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c3168a00f99c09afdc9644
Added to database: 9/11/2025, 6:35:54 PM
Last enriched: 9/23/2025, 12:24:55 AM
Last updated: 10/29/2025, 9:32:37 AM