CVE-2025-8061

7.0 HIGH

📋 TL;DR

A local privilege escalation vulnerability in Lenovo Dispatcher drivers allows authenticated local users to execute arbitrary code with elevated privileges. This affects Lenovo consumer notebooks with Dispatcher 3.0 or 3.1 drivers. Systems with Windows Core Isolation Memory Integrity enabled are not vulnerable.

💻 Affected Systems

Products:
  • Lenovo consumer notebooks with Lenovo Dispatcher driver
Versions: Dispatcher 3.0 and 3.1
Operating Systems: Windows
Default Config Vulnerable: ✅ No
Notes: Not vulnerable when Windows Core Isolation Memory Integrity is enabled. Windows 11 systems have this enabled by default. Dispatcher 3.2 is not affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, persistence establishment, and lateral movement.

🟠 Likely Case

Malicious local users or malware with user privileges escalate to administrative rights to install additional malware, disable security controls, or access sensitive data.

🟢 If Mitigated

On patched systems, or with Memory Integrity enabled, the vulnerability cannot be exploited and normal privilege separation is maintained.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring authenticated local access, not remotely exploitable.
🏢 Internal Only: HIGH - Any compromised user account or malware with local execution can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated local user access. No public exploit details available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Dispatcher 3.2

Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-200860

Restart Required: Yes

Instructions:

  1. Visit Lenovo support site.
  2. Download and install Dispatcher 3.2 driver update.
  3. Restart system.
  4. Verify driver version is 3.2 or higher.

🔧 Temporary Workarounds

Enable Memory Integrity

windows

Enable the Windows Core Isolation Memory Integrity feature, which prevents exploitation.

Windows Security > Device Security > Core Isolation details > Memory Integrity toggle ON

🧯 If You Can't Patch

  • Enable Windows Core Isolation Memory Integrity if supported by hardware
  • Restrict local user access to affected systems and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Lenovo Dispatcher driver version in Device Manager > System devices > Lenovo Dispatcher. If the version is 3.0 or 3.1, the system is vulnerable unless Memory Integrity is enabled.

Check Version:

wmic path Win32_PnPSignedDriver get DeviceName, DriverVersion | findstr /i "Dispatcher"

Verify Fix Applied:

Verify driver version is 3.2 or higher in Device Manager, and/or confirm Memory Integrity is enabled in Windows Security settings.
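
Both checks above (driver version and Memory Integrity state) combined into one PowerShell function. This is an added example, not Lenovo's or this site's tooling. It assumes the driver's DeviceName contains "Dispatcher" (the same filter as the findstr command above) and that the major.minor part of DriverVersion corresponds to the Dispatcher release; the function name is hypothetical.

```powershell
# Added example: local exposure check for CVE-2025-8061.
# Assumptions: DeviceName contains "Dispatcher"; DriverVersion major.minor
# maps to the Dispatcher release (3.0 / 3.1 affected, 3.2 fixed).
function Test-DispatcherExposure {
    [CmdletBinding()]
    param()

    # Same WMI class the wmic one-liner reads, queried through CIM.
    $drivers = @(Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DeviceName -match 'Dispatcher' })

    # Memory Integrity (HVCI) shows up as value 2 in SecurityServicesRunning.
    $hvci = $false
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction Stop
        $hvci = $dg.SecurityServicesRunning -contains 2
    } catch {
        Write-Warning "Could not query Device Guard state: $($_.Exception.Message)"
    }

    if ($drivers.Count -eq 0) {
        return [pscustomobject]@{
            Device = $null; DriverVersion = $null
            MemoryIntegrity = $hvci; Status = 'Dispatcher driver not found'
        }
    }

    foreach ($d in $drivers) {
        $parsed = $null
        $status = 'Unknown version format, check manually'
        if ([version]::TryParse($d.DriverVersion, [ref]$parsed)) {
            $affected = ($parsed.Major -eq 3) -and ($parsed.Minor -in 0, 1)
            if (-not $affected) {
                $status = 'Not listed as affected (3.0/3.1)'
            } elseif ($hvci) {
                $status = 'Affected version, mitigated by Memory Integrity'
            } else {
                $status = 'VULNERABLE: update to Dispatcher 3.2'
            }
        }
        [pscustomobject]@{
            Device = $d.DeviceName; DriverVersion = $d.DriverVersion
            MemoryIntegrity = $hvci; Status = $status
        }
    }
}

Test-DispatcherExposure | Format-Table -AutoSize
```

The function returns objects, so it can be run across a fleet with a remoting or endpoint-management tool and the Status column filtered centrally.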

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Suspicious driver loading
  • Process creation with SYSTEM privileges from user accounts

Network Indicators:

  • None - local exploitation only

SIEM Query:

EventID=4688 AND NewProcessName contains * AND SubjectUserName != SYSTEM AND TokenElevationType != %%1936
