Improper Privilege Management in KVM Key Download Component by AMD
CVE-2025-62625

6MEDIUM

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 7035 Series Processors With Radeon™ Graphics; Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 7040 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 14 May 2026

What is CVE-2025-62625?

The KVM key download component in AMD products suffers from improper privilege management. This vulnerability could enable an attacker to swap tokens, facilitating the unauthorized download of sensitive cryptographic keys. If exploited, this flaw may grant an attacker access to privileged resources, leading to potential data breaches and compromise of confidentiality. Organizations utilizing affected AMD platforms should prioritize mitigation measures to safeguard their systems.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD Device Management Portal 3.0.0.895

AMD Device Management Portal (ADMP) 3.0.0.895

AMD Ryzen™ 3000 Series Desktop Processors AMD Device Management Portal 3.0.0.895

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Oct 16, 2025

CVE-2025-62625 Data

JSON

Amd

What is CVE-2025-62625?

Affected Version(s)

References

CVSS V4

Timeline