Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable but requires an in-path MitM (AC:H) and the user must run the tool (UI:R); no auth needed (PR:N) and successful RCE compromises C/I/A fully.
Primary rating from Vendor (AMD).
CVSS VectorVendor: AMD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.
AnalysisAI
Man-in-the-middle attacks against AMD's optional desktop tools - AMD Management Console (AMC), AMD Ryzen Master, and AMD μProf - can lead to arbitrary code execution because the affected utilities transport data over plaintext HTTP rather than TLS. An attacker positioned on the network path between a victim workstation and the AMD endpoint can tamper with traffic (most plausibly update or telemetry channels) to substitute malicious content that is then executed by the tool. No public exploit identified at time of analysis and the issue is not in CISA KEV; EPSS data was not provided.
Technical ContextAI
The flaw is rooted in CWE-1428 (use of an insecure transport / reliance on HTTP instead of HTTPS), meaning one or more network calls performed by the tools are not protected by certificate-validated TLS. The affected products per the CPE data are AMD Management Console (cpe:2.3:a:amd:amd_management_console_(amc)), AMD Ryzen Master (cpe:2.3:a:amd:amd_ryzen™_master) and AMD μProf (cpe:2.3:a:amd:amd_µprof) - all Windows-side companion utilities that talk back to AMD-hosted services for updates, profiling assets, or telemetry. When such a client trusts the integrity of an unauthenticated HTTP channel for code, scripts, libraries, or installer payloads, an in-path attacker can swap the response and turn a benign download into native code execution in the user's session.
RemediationAI
Patch available per vendor advisory: update AMD Management Console, AMD Ryzen Master, and AMD μProf to the versions listed in AMD-SB-9027 (https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9027.html) - exact fix versions are not included in this dataset and should be taken directly from that bulletin. Until patching, uninstall the optional tools from systems that do not actively need them (none are required for CPU operation), and instruct users not to run AMC/Ryzen Master/μProf while connected to untrusted networks such as public Wi-Fi or shared hotel/conference LANs; route required usage through a trusted VPN so the HTTP traffic cannot be intercepted on the local segment. Egress filtering or HTTPS-only proxies can also block the cleartext fetches, with the side effect of breaking any tool feature (update check, telemetry, asset download) that depends on the insecure endpoint.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36488
GHSA-7w59-qfq7-wqw6