Use-After-Free Vulnerability in AMD Secure Processor PCI Driver
CVE-2025-48521

6.9MEDIUM

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics (formerly Codenamed "renoir"); Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics (formerly Codenamed "rembrandt R"); Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics (formerly Codenamed "picasso"); Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics (formerly Codenamed "phoenix")
Vendor: CVE Published:; 15 May 2026

What is CVE-2025-48521?

An improper input validation vulnerability in the AMD Secure Processor PCI driver allows a local attacker to exploit a Use-After-Free (UAF) condition. This exploit may lead to significant repercussions such as the potential compromise of platform integrity or system crashes, highlighting the critical need for users to apply necessary patches to maintain security and stability.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics (formerly codenamed "Picasso") AMD Ryzen™ Chipset Driver 7.02.13.148

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Dali") AMD Ryzen™ Chipset Driver 7.02.13.148

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Picasso") AMD Ryzen™ Chipset Driver 7.02.13.148

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 22, 2025

Credit

Reported through AMD Bug Bounty Program

CVE-2025-48521 Data

JSON

Amd

What is CVE-2025-48521?

Affected Version(s)

References

CVSS V4

Timeline

Credit