CVE-2025-62619

MEDIUM

Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics - Missing Authentication for Critical Function

Title source: rule

Description

Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality.

References (1)

Core 1

Core References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9023.html

Scores

CVSS v4 6.3

EPSS 0.0010

EPSS Percentile 26.4%

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (26)

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Device Management Portal (ADMP) 3.0.0.895

AMD/AMD Ryzen™ 3000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 4000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 5000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 7000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

... and 16 more

Published May 14, 2026

Tracked Since May 14, 2026