AMD Ryzen Processors CVE-2025-0044

EUVD-2025-209880 | MEDIUM
Out-of-bounds Read (CWE-125)
2026-05-15 | AMD | GHSA-vjjp-rpjm-8fq9
CVSS 4.0: 4.8

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: May 15, 2026 - 03:32 (vuln.today)
CVSS changed: May 15, 2026 - 03:22 (NVD), 4.8 (MEDIUM)
CVE Published: May 15, 2026 - 02:49 (NVD), MEDIUM 4.8

Description (NVD)

An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability.

Analysis (AI)

Out-of-bounds read in power management firmware affects AMD Ryzen AI, Ryzen 7000/8000 series mobile processors, Ryzen 8000 desktop processors, embedded processors, and Radeon graphics products. A local attacker with low privileges can read sensitive firmware data, potentially disclosing confidential information and causing availability degradation. CVSS 4.8 (medium severity) reflects limited privilege requirements and contained impact, though the vulnerability affects a broad processor family.

Technical Context (AI)

The vulnerability exists in AMD power management firmware, a privileged component handling processor power states and thermal management. CWE-125 (out-of-bounds read) indicates the firmware fails to properly validate buffer access boundaries, allowing reads beyond allocated memory regions. This firmware layer sits between the operating system and hardware, with access typically restricted to privileged code paths. The affected processors span AMD's modern consumer and commercial lineup across Ryzen AI, Ryzen 7040/8000/8040 series, and corresponding Radeon discrete and professional graphics products, suggesting a shared firmware vulnerability across multiple product lines.

Remediation (AI)

Update to the patched firmware that AMD provides through BIOS/UEFI updates distributed by system OEMs; AMD's bulletin is at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html. OEM-specific update mechanisms (ASUS, Lenovo, HP, Gigabyte, etc. for their respective motherboards and laptops) will deliver the fix. Users should check their motherboard or laptop manufacturer's support page for the latest BIOS version containing the patched power management firmware. Organizations managing many systems should schedule firmware updates during maintenance windows to avoid disruption to power state transitions. If immediate patching is unavailable, limit low-privilege user account access to affected systems where possible, though this offers incomplete protection since legitimate low-privilege processes may trigger the vulnerability inadvertently.
