Auth bypass in Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics

CVE-2025-62619

Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality.

Vulnerability class: Broken Authentication

EPSS: 0.001 (26.6th percentile) — read the EPSS interpretation.

Affected products

Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions AMD Device Management Portal 3.0.0.895
Amd Device Management Portal (Admp) — versions 3.0.0.895
Amd Ryzen™ 3000 Series Desktop Processors — versions AMD Device Management Portal 3.0.0.895
Amd Ryzen™ 4000 Series Desktop Processors — versions AMD Device Management Portal 3.0.0.895
Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics — versions AMD Device Management Portal 3.0.0.895
Amd Ryzen™ 5000 Series Desktop Processors — versions AMD Device Management Portal 3.0.0.895
Amd Ryzen™ 5000 Series Desktop Processors With Radeon™ Graphics — versions AMD Device Management Portal 3.0.0.895
Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics — versions AMD Device Management Portal 3.0.0.895
Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics — versions AMD Device Management Portal 3.0.0.895
Amd Ryzen™ 7000 Series Desktop Processors — versions AMD Device Management Portal 3.0.0.895

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

psirt@amd.com