CVE-2025-62628

Summary

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDAIM-T Manageability ServiceAIM-T Manageability Service 5.1.0.1382unaffected
AMDAMD Cloud Manageability Service (ACMS)AMD Cloud Manageability Service (ACMS) 2.0.0.295unaffected
AMDAMD Management Plug-In for SCCMAMD Management Plug-In for SCCM 8.0.0.1411unaffected
AMDAMD Management Console (AMC)AMD Management Console (AMC) 12.0.0.1378unaffected
AMDAMD Manageability APIAMD Manageability API 8.0.0.346unaffected
AMDDASH CLI - Command Line ApplicationDASH CLI - Command Line Application 8.0.0.318unaffected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References