CVE-2025-0037 PUBLISHED

Assigner: AMD
Reserved: 21.11.2024 Published: 09.06.2025 Updated: 10.06.2025

In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVSS Score: 6.6

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	AMD
Product	Platform Loader and Manager (PLM)
Versions	Default: affected Version Refer to AMD-SB-8010 is affected

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8010.html

Problem Types

CWE-20 Improper Input Validation CWE