Input Validation Flaw in AMD Platform Management Framework Driver
CVE-2025-48519

8.5HIGH

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics (formerly Codenamed "rembrandt R"); Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics (formerly Codenamed "phoenix"); Amd Ryzen™ 8040 Series Mobile Processors With Radeon™ Graphics (formerly Codenamed "hawk Point"); Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics (formerly Codenamed "rembrandt")
Vendor: CVE Published:; 15 May 2026

What is CVE-2025-48519?

The AMD Platform Management Framework (PMF) driver contains an improper input validation vulnerability that can be exploited by local attackers. This flaw allows for potential out-of-bounds reading or writing, which could lead to unauthorized privilege escalation. Users and administrators are advised to monitor their systems for any unusual activity and ensure that they are running the latest firmware updates as a precaution. More details can be found in the official AMD security bulletin.

Affected Version(s)

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt") 7.06.02.123

AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt R") 7.06.02.123

AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Phoenix") 7.06.02.123

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 22, 2025

Credit

Reported through AMD Bug Bounty Program

CVE-2025-48519 Data

JSON

Amd

What is CVE-2025-48519?

Affected Version(s)

References

CVSS V4

Timeline

Credit