Missing Authentication in KVM Key Download Endpoint Affecting AMD Products
CVE-2025-62619

6.3MEDIUM

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics; Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 14 May 2026

What is CVE-2025-62619?

A security flaw exists in the KVM key download endpoint of AMD's Key Management System, where the lack of adequate authentication measures allows unauthenticated attackers to access sensitive keys. This exposure, if exploited, could lead to significant confidentiality breaches, as attackers with knowledge of the vulnerable URL could potentially retrieve sensitive cryptographic keys, undermining the integrity of systems relying on those keys.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD Device Management Portal (ADMP) 3.0.0.895

AMD Ryzen™ 3000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Oct 16, 2025

CVE-2025-62619 Data

JSON

Amd

What is CVE-2025-62619?

Affected Version(s)

References

CVSS V4

Timeline