CVE-2025-62625

MEDIUM

Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics - Improper Privilege Management

Title source: rule

Description

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality.

References (1)

Core 1

Core References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9023.html

Scores

CVSS v4 6.0

EPSS 0.0005

EPSS Percentile 16.1%

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269

Status published

Products (30)

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Device Management Portal (ADMP) 3.0.0.895

AMD/AMD Ryzen™ 3000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 4000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 5000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD/AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

... and 20 more

Published May 14, 2026

Tracked Since May 14, 2026