CVE-2025-0035

Published: May 13, 2025Modified: May 13, 2025

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: psirt@amd.com (Secondary)

Description

Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (1)

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9015.html

Source: psirt@amd.com

Timeline

No history available yet.