Out of Bounds Read in AMD Platform Management Framework
CVE-2025-29937

5.8MEDIUM

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics (formerly Codenamed "rembrandt R"); Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics (formerly Codenamed "phoenix"); Amd Ryzen™ 8040 Series Mobile Processors With Radeon™ Graphics (formerly Codenamed "hawk Point"); Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics (formerly Codenamed "rembrandt")
Vendor: CVE Published:; 15 May 2026

What is CVE-2025-29937?

The AMD Platform Management Framework (PMF) has a vulnerability that allows for an out of bounds read, potentially enabling an attacker to access arbitrary memory locations. This exploit could lead to significant repercussions for system integrity, including a compromise in confidentiality and availability. Users are advised to apply the latest security updates to mitigate any risk associated with this vulnerability.

Affected Version(s)

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt") 7.06.02.123

AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt R") 7.06.02.123

AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Phoenix") 7.06.02.123

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Mar 12, 2025

Credit

Reported through AMD Bug Bounty Program

CVE-2025-29937 Data

JSON