Vulnerability in Amd Aim-t Manageability Service

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.

EPSS: 0.000 (4.2th percentile) — read the EPSS interpretation.

Affected products

Amd Aim-t Manageability Service — versions AIM-T Manageability Service 5.1.0.1382
Amd Cloud Manageability Service (Acms) — versions AMD Cloud Manageability Service (ACMS) 2.0.0.295
Amd Manageability Api — versions AMD Manageability API 8.0.0.346
Amd Management Console (Amc) — versions AMD Management Console (AMC) 12.0.0.1378
Amd Management Plug-in For Sccm — versions AMD Management Plug-In for SCCM 8.0.0.1411
Amd Dash Cli - Command Line Application — versions DASH CLI - Command Line Application 8.0.0.318

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

psirt@amd.com