Skip to main content

AMD PMF driver CVE-2025-48519

| EUVDEUVD-2025-209866 HIGH
Out-of-bounds Write (CWE-787)
2026-05-15 AMD GHSA-g9q8-j7rw-6w88
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 04:15 vuln.today
CVSS changed
May 15, 2026 - 02:22 NVD
8.5 (HIGH)
CVE Published
May 15, 2026 - 01:50 nvd
UNKNOWN (no severity yet)
CVE Published
May 15, 2026 - 01:50 nvd
HIGH 8.5

DescriptionCVE.org

An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation

AnalysisAI

Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability.

Technical ContextAI

The AMD Platform Management Framework (PMF) driver is a kernel-mode component included in AMD Chipset Software packages for Ryzen processors. This driver manages power and performance features on AMD mobile and embedded platforms. The vulnerability stems from improper input validation (CWE-787: Out-of-bounds Write) where user-supplied input to the driver is not properly sanitized before being used in memory operations. This allows crafted IOCTL requests or other driver interfaces to cause the kernel driver to read or write memory outside allocated buffers. Since the driver operates at Ring 0 (kernel mode), successful exploitation allows an attacker to corrupt kernel memory structures, potentially hijacking execution flow or modifying security tokens to gain SYSTEM/root privileges. The affected CPE strings identify specific Ryzen processor generations (Rembrandt, Rembrandt R, Phoenix, Hawk Point) and their corresponding chipset driver packages across consumer mobile (6000/7000/8000 series) and embedded (8000 series) product lines.

RemediationAI

Install AMD Chipset Software version 7.06.02.123 or later, available from the AMD driver download portal or system manufacturer support sites. Download the appropriate installer (amd_chipset_software_7.06.02.123.exe for Windows systems) from https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html and follow the installation wizard. Reboot the system after installation to load the patched PMF driver. For enterprise deployments, distribute the updated driver package through existing software management systems (SCCM, Intune, Ansible). If immediate patching is not possible, implement compensating controls by restricting local logon access to trusted administrators only, disabling standard user accounts on affected systems, or deploying application control policies (AppLocker, Windows Defender Application Control) to block unsigned kernel driver loads. Note that restricting local access reduces usability on shared workstations and does not protect against insider threats or already-compromised user accounts. Verify patch deployment by checking driver version properties for the amd_pmf.sys file or querying AMD Chipset Software version through Windows Programs and Features.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

CVE-2025-48519 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy