Unsafe OpenSSL Initialization Vulnerability in AMD Optional Tools
CVE-2025-62628

7HIGH

Key Information:

Vendor: Amd
Status: Aim-t Manageability Service; Amd Cloud Manageability Service (acms); Amd Management Plug-in For Sccm; Amd Management Console (amc)
Vendor: CVE Published:; 14 May 2026

What is CVE-2025-62628?

A local user-privileged attacker can exploit unsafe OpenSSL initialization present in certain AMD optional tools, enabling the injection of a malicious DLL. This security flaw poses a risk of arbitrary code execution, compromising the integrity and security of the affected system. Users are encouraged to review their AMD tools for updates and patches to mitigate this vulnerability.

Affected Version(s)

AIM-T Manageability Service AIM-T Manageability Service 5.1.0.1382

AMD Cloud Manageability Service (ACMS) AMD Cloud Manageability Service (ACMS) 2.0.0.295

AMD Manageability API AMD Manageability API 8.0.0.346

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2026
Vulnerability Reserved
Oct 16, 2025

Credit

Reported through AMD Bug Bounty Program

CVE-2025-62628 Data

JSON

Amd

What is CVE-2025-62628?

Affected Version(s)

References

CVSS V4

Timeline

Credit