Improper input validation in AMD Platform Loader and Manager (PLM)

CVE-2025-0037

In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.

Vulnerability class: Improper Input Validation

EPSS: 0.001 (percentile: 4.2).

CVSS v3 metric

CVSS v3 base score 6.6 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-0037?
CVE-2025-0037 is a medium-severity vulnerability in AMD Platform Loader and Manager (PLM), classified under Improper Input Validation. CVSS score: 6.6/10. Published 2025-06-10.
How severe is CVE-2025-0037?
Medium severity. CVSS v3 base score is 6.6 out of 10.