CVSS Vector (NVD)
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.
Analysis (AI)
Arbitrary code execution in AMD optional tools occurs through DLL injection during unsafe OpenSSL initialization, allowing local authenticated attackers with low-privilege user access and user interaction to execute malicious code with high impact to confidentiality, integrity, and availability. The vulnerability stems from insecure library loading (CWE-427), where the affected AMD utilities fail to validate DLL search paths during OpenSSL library initialization. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code was identified at time of analysis, though the low attack complexity (AC:L) indicates straightforward exploitation once local access is obtained.
Technical Context (AI)
This is a classic DLL search order hijacking vulnerability (CWE-427: Uncontrolled Search Path Element) affecting AMD's optional system utilities during OpenSSL cryptographic library initialization. When these tools load OpenSSL DLLs at runtime, they fail to specify absolute paths or validate the DLL search order, allowing attackers to place malicious DLLs in directories that Windows searches before legitimate library locations (such as application directory, current working directory, or PATH directories). The CVSS 4.0 vector indicates local attack vector (AV:L) with low complexity (AC:L), requiring low-privileged user access (PR:L) and user interaction (UI:P) - typically achieved by tricking a user into running the affected AMD tool from an attacker-controlled directory. The vector reports no subsequent-system impact (SC:N/SI:N/SA:N), meaning exploitation occurs within the security context of the vulnerable tool itself rather than escaping to other system components.
Remediation (AI)
Consult AMD Security Bulletin AMD-SB-9024 at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9024.html for patched versions of affected optional tools and apply vendor-recommended updates immediately. If the advisory specifies affected tool names, prioritize patching utilities that run with administrative privileges or are frequently used by privileged accounts. As an interim compensating control, restrict write access to directories in the Windows DLL search path for the affected AMD tools (application directory, current working directory, and system PATH locations) to prevent unauthorized DLL placement - note this requires identifying where these tools are installed and may break legitimate workflows if applied too broadly. Consider application whitelisting or AppLocker policies to prevent execution of unsigned DLLs from non-standard locations, though this adds operational overhead. If specific AMD tools are not required for business operations, uninstall them entirely to eliminate attack surface. Educate users with access to these tools not to run them from untrusted directories or network shares where attackers could plant malicious DLLs.
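The interim control above depends on knowing which search-path directories low-privileged users can write to. The following PowerShell audit is an added example, not taken from AMD's bulletin or tooling; `$ToolDir` is a placeholder install path, since the page does not name the affected tools or their locations.

```powershell
# Added example: list DLL search-path directories that broad, low-privileged
# groups can write to. $ToolDir is a placeholder (assumption), not from the advisory.
param([string]$ToolDir = 'C:\Path\To\AmdTool')

# Well-known SIDs of groups that include ordinary users
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# CreateFiles/WriteData (0x2) lets a principal drop a new file in a directory.
# GENERIC_WRITE and GENERIC_ALL appear as raw bits in some inherited ACEs.
$writeMask = 0x2 -bor 0x40000000 -bor 0x10000000

# Application directory, current working directory, then every PATH entry
$candidates = @($ToolDir, (Get-Location).Path) + ($env:Path -split ';')
$dirs = $candidates |
    Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim('"')) } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
    Sort-Object -Unique

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable ACL: skip rather than guess

    # Explicit and inherited rules, with identities returned as SIDs
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid      = $rule.IdentityReference.Value
        $isAllow  = $rule.AccessControlType -eq 'Allow'
        $canWrite = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
        if ($isAllow -and $canWrite -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Directory = $dir
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
            }
        }
    }
}

# Coarse audit: Deny ACEs and per-user grants are not evaluated here.
$findings | Sort-Object Directory, Principal | Format-Table -AutoSize
```

Run it from the directory where users normally launch the tool, so that the current-working-directory entry reflects real usage.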
EUVD-2025-209847
GHSA-346w-gjpw-jf9r