CVE-2025-62628

HIGH

AMD AIM-T Manageability Service - Uncontrolled Search Path Element via OpenSSL Initialization

Title source: llm

Description

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.

References (1)

Core 1

Core References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9024.html

Scores

CVSS v4 7.0

EPSS 0.0002

EPSS Percentile 4.3%

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (6)

AMD/AIM-T Manageability Service AIM-T Manageability Service 5.1.0.1382

AMD/AMD Cloud Manageability Service (ACMS) AMD Cloud Manageability Service (ACMS) 2.0.0.295

AMD/AMD Manageability API AMD Manageability API 8.0.0.346

AMD/AMD Management Console (AMC) AMD Management Console (AMC) 12.0.0.1378

AMD/AMD Management Plug-In for SCCM AMD Management Plug-In for SCCM 8.0.0.1411

AMD/DASH CLI - Command Line Application DASH CLI - Command Line Application 8.0.0.318

Published May 14, 2026

Tracked Since May 14, 2026