CVE-2025-62628 PUBLISHED

Assigner: AMD
Reserved: 16.10.2025 Published: 14.05.2026 Updated: 15.05.2026

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	Low
User Interaction	Passive

CVSS 4.0

Product Status

Vendor	AMD
Product	AIM-T Manageability Service
Versions	Default: affected Version AIM-T Manageability Service 5.1.0.1382 is unaffected

Vendor	AMD
Product	AMD Cloud Manageability Service (ACMS)
Versions	Default: affected Version AMD Cloud Manageability Service (ACMS) 2.0.0.295 is unaffected

Vendor	AMD
Product	AMD Management Plug-In for SCCM
Versions	Default: affected Version AMD Management Plug-In for SCCM 8.0.0.1411 is unaffected

Vendor	AMD
Product	AMD Management Console (AMC)
Versions	Default: affected Version AMD Management Console (AMC) 12.0.0.1378 is unaffected

Vendor	AMD
Product	AMD Manageability API
Versions	Default: affected Version AMD Manageability API 8.0.0.346 is unaffected

Vendor	AMD
Product	DASH CLI - Command Line Application
Versions	Default: affected Version DASH CLI - Command Line Application 8.0.0.318 is unaffected

Credits

Reported through AMD Bug Bounty Program

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9024.html

Problem Types

CWE-427 Uncontrolled Search Path Element CWE