Skip to main content

AMD optional tools CVE-2025-62628

| EUVDEUVD-2025-209847 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-05-14 psirt@amd.com GHSA-346w-gjpw-jf9r
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 14, 2026 - 15:31 vuln.today
CVE Published
May 14, 2026 - 15:16 nvd
HIGH 7.0

DescriptionCVE.org

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.

AnalysisAI

Arbitrary code execution in AMD optional tools occurs through DLL injection during unsafe OpenSSL initialization, allowing local authenticated attackers with low-privilege user access and user interaction to execute malicious code with high impact to confidentiality, integrity, and availability. The vulnerability stems from insecure library loading (CWE-427) where the affected AMD utilities fail to validate DLL search paths during OpenSSL library initialization. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis, though the low attack complexity (AC:L) indicates straightforward exploitation once local access is obtained.

Technical ContextAI

This is a classic DLL search order hijacking vulnerability (CWE-427: Uncontrolled Search Path Element) affecting AMD's optional system utilities during OpenSSL cryptographic library initialization. When these tools load OpenSSL DLLs at runtime, they fail to specify absolute paths or validate the DLL search order, allowing attackers to place malicious DLLs in directories that Windows searches before legitimate library locations (such as application directory, current working directory, or PATH directories). The CVSS 4.0 vector indicates local attack vector (AV:L) with low complexity (AC:L), requiring low-privileged user access (PR:L) and user interaction (UI:P) - typically achieved by tricking a user into running the affected AMD tool from an attacker-controlled directory. The vulnerability scope is unchanged (SC:N/SI:N/SA:N), meaning exploitation occurs within the security context of the vulnerable tool itself rather than escaping to other system components.

RemediationAI

Consult AMD Security Bulletin AMD-SB-9024 at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9024.html for patched versions of affected optional tools and apply vendor-recommended updates immediately. If the advisory specifies affected tool names, prioritize patching utilities that run with administrative privileges or are frequently used by privileged accounts. As an interim compensating control, restrict write access to directories in the Windows DLL search path for the affected AMD tools (application directory, current working directory, and system PATH locations) to prevent unauthorized DLL placement - note this requires identifying where these tools are installed and may break legitimate workflows if applied too broadly. Consider application whitelisting or AppLocker policies to prevent execution of unsigned DLLs from non-standard locations, though this adds operational overhead. If specific AMD tools are not required for business operations, uninstall them entirely to eliminate attack surface. Educate users with access to these tools not to run them from untrusted directories or network shares where attackers could plant malicious DLLs.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Share

CVE-2025-62628 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy