Which versions of AMD PMF driver are affected by EUVD-2025-209866?

CVE-2025-48519 is a privilege escalation vulnerability in AMD's Platform Management Framework driver affecting Ryzen 6000/7000/8000 series processors.

How to fix or mitigate EUVD-2025-209866?

Within 24 hours: Inventory all systems with Ryzen 6000/7000/8000 series processors and current AMD chipset driver versions. Within 7 days: Deploy AMD chipset software version 7.06.02.123 or later to all affected systems via vendor-provided driver update mechanisms or OEM channels; prioritize systems with high-privilege users or sensitive data access. Within 30 days: Verify patch deployment across 100% of affected inventory and validate through driver version reporting tools.

AMD PMF driver EUVD-2025-209866

Q: What is the CVSS score of EUVD-2025-209866?

EUVD-2025-209866 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2025-48519 HIGH

Out-of-bounds Write (CWE-787)

2026-05-15 AMD

GHSA-g9q8-j7rw-6w88

Privilege Escalation Buffer Overflow Memory Corruption Amd

8.5

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 15, 2026 - 04:15 vuln.today

CVSS changed

May 15, 2026 - 02:22 NVD

8.5 (HIGH)

CVE Published

May 15, 2026 - 01:50 nvd

UNKNOWN (no severity yet)

CVE Published

May 15, 2026 - 01:50 nvd

HIGH 8.5

DescriptionNVD

An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation

AnalysisAI

Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability.

Technical ContextAI

The AMD Platform Management Framework (PMF) driver is a kernel-mode component included in AMD Chipset Software packages for Ryzen processors. This driver manages power and performance features on AMD mobile and embedded platforms. The vulnerability stems from improper input validation (CWE-787: Out-of-bounds Write) where user-supplied input to the driver is not properly sanitized before being used in memory operations. This allows crafted IOCTL requests or other driver interfaces to cause the kernel driver to read or write memory outside allocated buffers. Since the driver operates at Ring 0 (kernel mode), successful exploitation allows an attacker to corrupt kernel memory structures, potentially hijacking execution flow or modifying security tokens to gain SYSTEM/root privileges. The affected CPE strings identify specific Ryzen processor generations (Rembrandt, Rembrandt R, Phoenix, Hawk Point) and their corresponding chipset driver packages across consumer mobile (6000/7000/8000 series) and embedded (8000 series) product lines.

RemediationAI

Install AMD Chipset Software version 7.06.02.123 or later, available from the AMD driver download portal or system manufacturer support sites. Download the appropriate installer (amd_chipset_software_7.06.02.123.exe for Windows systems) from https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html and follow the installation wizard. Reboot the system after installation to load the patched PMF driver. For enterprise deployments, distribute the updated driver package through existing software management systems (SCCM, Intune, Ansible). If immediate patching is not possible, implement compensating controls by restricting local logon access to trusted administrators only, disabling standard user accounts on affected systems, or deploying application control policies (AppLocker, Windows Defender Application Control) to block unsigned kernel driver loads. Note that restricting local access reduces usability on shared workstations and does not protect against insider threats or already-compromised user accounts. Verify patch deployment by checking driver version properties for the amd_pmf.sys file or querying AMD Chipset Software version through Windows Programs and Features.