Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
AnalysisAI
Privilege escalation in AMD GPIO controller driver for Windows allows authenticated local users with low privileges to execute arbitrary code with elevated rights via insecure directory permissions. Affects nearly the entire AMD processor portfolio from Ryzen 3000-series through latest EPYC 9005 and Ryzen AI 300. AMD has released patched chipset drivers (version 7.04.09.545 for most desktop/mobile products, 8.03.16.641 for server platforms) addressing the vulnerability. EPSS score and KEV status not provided in source data, but the local attack vector and user interaction requirement limit remote exploitation risk despite the 7.0 CVSS score.
Technical ContextAI
The vulnerability resides in AMD's GPIO (General-Purpose Input/Output) controller driver for Windows, classified as CWE-276 (Incorrect Default Permissions). GPIO controllers provide low-level hardware access for processor pin control and system management functions. The installation directory permissions issue allows users with limited privileges to modify or replace driver components. This affects AMD's chipset driver package across multiple processor architectures spanning seven years of product releases, from Zen 2 (Matisse/Picasso) through Zen 5 (Granite Ridge/Strix Point), including desktop Ryzen, mobile APUs, Threadripper workstation processors, and datacenter EPYC platforms. The CPE strings identify affected products as AMD Ryzen 3000-9000 series, Athlon 3000 series, Threadripper 3000-7000 series, and EPYC 7001-9005 series processors. The vulnerability exists in the Windows driver installation mechanism rather than processor silicon, indicating a software packaging/deployment flaw in AMD's chipset driver distribution.
RemediationAI
Install patched AMD chipset drivers immediately: version 7.04.09.545 for consumer desktop/mobile platforms (Ryzen 3000-9000, Threadripper, Athlon), version 8.03.16.641 for server platforms (EPYC 9004/9005, Instinct MI300A), version 8.03.14.329 for EPYC 7001-7003 series, or product-specific versions for embedded systems as detailed in AMD security bulletin AMD-SB-4015 (https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html). Patched drivers are available through AMD Download Center or Windows Update depending on OEM configuration. For systems where immediate patching is not feasible, implement compensating controls: restrict physical and RDP access to trusted users only, enable Windows User Account Control at highest setting to force elevation prompts, monitor AMD GPIO driver directory (typically C:\Program Files\AMD or C:\AMD) for unauthorized file modifications using file integrity monitoring tools, and apply principle of least privilege by removing local administrator rights from standard user accounts. Note that disabling the GPIO driver may impact system stability or hardware monitoring functionality depending on motherboard implementation. Validate patch deployment by verifying driver version in Device Manager under System Devices or via PowerShell command Get-WmiObject Win32_PnPSignedDriver filtering for AMD GPIO. Organizations using AMD EPYC embedded systems should consult OEM vendors for firmware updates incorporating patched drivers, with some embedded platforms not receiving fixes until Q2-Q4 2025 per AMD's disclosure timeline.
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209861
GHSA-jgpx-6rhq-7873