
Critical BIOS Flaws Discovered in Lenovo AIO Desktops Pose Deep Security Risks
Lenovo has issued a warning to users of several IdeaCentre and Yoga All-In-One (AIO) desktop models following the discovery of serious BIOS security vulnerabilities that could allow attackers to execute malicious code with System Management Mode (SMM) privileges. This execution level grants such deep control over the system that malware inserted at this layer can survive even full operating system reinstalls, making these vulnerabilities especially dangerous and difficult to detect or remove.
The vulnerabilities—tracked as CVE-2025-4421 through CVE-2025-4426—were discovered by security researchers from Binarly and reported to Lenovo back in April. Four of the six were classified as high-severity issues. These flaws lie not in Lenovo’s own software, but in the Insyde BIOS firmware used in the affected machines. While Insyde’s firmware is deployed across various systems, Lenovo states that other PC vendors do not appear to be using this specific vulnerable UEFI version, limiting the scope of risk to its own devices.
Currently known affected models include the Lenovo IdeaCentre AIO 3 24ARR9, AIO 3 27ARR9, Yoga AIO 27IAH10, Yoga AIO 32ILL10, and Yoga AIO 9 32IRH8. Users with these machines are strongly encouraged to update their BIOS as soon as patches become available. Lenovo has already released updates for the IdeaCentre AIO 3 24ARR9 and 27ARR9 models, while firmware updates for the Yoga series are still under development and are expected to arrive by September.
If you own one of the impacted systems, visit Lenovo’s official support website and search for your exact model. Under the “Drivers and Software” section, choose “Manual Update,” then compare the BIOS version listed there with the minimum required version shown in Lenovo’s advisory. If a newer BIOS is available, download and install it right away. Users who already have Lenovo’s update tool installed may also use it to check for the patch automatically.
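The manual check described above can be scripted for a single machine or a fleet. The PowerShell below is an added example, not Lenovo's tooling or code from the article: it assumes Lenovo reports the marketing model name (for example "IdeaCentre AIO 3 24ARR9") in Win32_ComputerSystemProduct.Version, and it uses placeholders for the minimum fixed BIOS versions, which this page does not list and which must be copied from Lenovo's advisory.

```powershell
# Added example: is this machine one of the AIO models named in the advisory, and which
# BIOS build does it run? Model names come from the article; the minimum versions are
# placeholders until filled in from Lenovo's advisory.
$AffectedModels = @{
    'IdeaCentre AIO 3 24ARR9' = 'MIN_BIOS_FROM_ADVISORY'   # placeholder
    'IdeaCentre AIO 3 27ARR9' = 'MIN_BIOS_FROM_ADVISORY'   # placeholder
    'Yoga AIO 27IAH10'        = 'MIN_BIOS_FROM_ADVISORY'   # placeholder, patch pending
    'Yoga AIO 32ILL10'        = 'MIN_BIOS_FROM_ADVISORY'   # placeholder, patch pending
    'Yoga AIO 9 32IRH8'       = 'MIN_BIOS_FROM_ADVISORY'   # placeholder, patch pending
}

function Get-LenovoAioBiosStatus {
    [CmdletBinding()]
    param([hashtable]$Models = $AffectedModels)

    $product = Get-CimInstance -ClassName Win32_ComputerSystemProduct
    $bios    = Get-CimInstance -ClassName Win32_BIOS
    $model   = $product.Version          # assumption: Lenovo's friendly model name lives here
    $current = $bios.SMBIOSBIOSVersion   # the string Lenovo shows as the BIOS version

    # Find the advisory entry whose model name appears in this machine's product string.
    $match = $Models.Keys | Where-Object { $model -like "*$_*" } | Select-Object -First 1

    $status = if (-not $match) {
        'NotListed'                      # not one of the models named in the advisory
    } elseif ($Models[$match] -like 'MIN_BIOS*') {
        'AffectedModel-VerifyManually'   # placeholder not yet replaced with the real minimum
    } elseif ([string]::Compare($current, $Models[$match], $true) -ge 0) {
        'Patched'                        # assumption: Lenovo build strings sort lexicographically
    } else {
        'UpdateRequired'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Manufacturer    = $product.Vendor
        ProductName     = $model
        BiosVersion     = $current
        BiosReleaseDate = $bios.ReleaseDate
        AdvisoryModel   = $match
        MinimumVersion  = if ($match) { $Models[$match] } else { $null }
        Status          = $status
    }
}

Get-LenovoAioBiosStatus | Format-List
```

Run it with Invoke-Command against a list of hosts to get one status object per desktop; any result other than NotListed or Patched is a machine to schedule for the BIOS update once Lenovo publishes it.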
In the meantime, if a patch is not yet available for your device, maintain vigilance. Keep your antivirus software up to date, avoid downloading unknown files or attachments, and be cautious of any unusual system behavior. Because SMM-level malware is nearly undetectable by traditional methods, prevention remains the most critical defense until Lenovo completes the rollout of secure firmware updates.