CVE-2025-62625

Summary

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ 3000 ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 9000HX Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ AI Max 300 Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ 7000 ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDNot publicAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ 9000 ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Ryzen™ Threadripper™ PRO 9000 WX-Series ProcessorsAMD Device Management Portal 3.0.0.895unaffected
AMDAMD Device Management Portal (ADMP)3.0.0.895unaffected

Weaknesses

  • CWE-269: CWE-269 Privilege Escalation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References