CVE-2025-62628
7
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AIM-T Manageability Service | AIM-T Manageability Service 5.1.0.1382 | unaffected |
| AMD | AMD Cloud Manageability Service (ACMS) | AMD Cloud Manageability Service (ACMS) 2.0.0.295 | unaffected |
| AMD | AMD Management Plug-In for SCCM | AMD Management Plug-In for SCCM 8.0.0.1411 | unaffected |
| AMD | AMD Management Console (AMC) | AMD Management Console (AMC) 12.0.0.1378 | unaffected |
| AMD | AMD Manageability API | AMD Manageability API 8.0.0.346 | unaffected |
| AMD | DASH CLI - Command Line Application | DASH CLI - Command Line Application 8.0.0.318 | unaffected |
Weaknesses
- CWE-427: CWE-427 Uncontrolled Search Path Element
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.