Insecure Default Configuration in DDR5 Memory Module by AGESA Bootloader Firmware
CVE-2025-48516

6.9 MEDIUM

What is CVE-2025-48516?

The AGESA Bootloader Firmware for DDR5 memory modules is configured insecurely by default, enabling local users with sufficient privileges to exploit an unprotected PMIC interface. This vulnerability may result in a permanent denial of service condition or compromise the integrity of the memory module.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics: No fix planned

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics: No fix planned

AMD Ryzen™ 3000 Series Desktop Processors: No fix planned

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
