Description
An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability.
Published: 2026-05-15
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unchecked return value inside AMD Platform Management Framework permits an attacker to read or write any memory address, potentially compromising confidentiality, integrity, or availability. This flaw falls under CWE-252 and could be used to trigger remote code execution or arbitrary privilege escalation.

Affected Systems

The vulnerability affects AMD Ryzen 6000, 7035, 7040, 8040 and Embedded 8000 Series processors that contain the Platform Management Framework component.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity, while the EPSS score is unavailable and the flaw is not listed in CISA’s KEV catalog. An attacker would need access to the management interface or elevated privileges to exploit the unchecked return value, but once achieved, the ability to read or modify arbitrary addresses presents a significant escalation opportunity.

Generated by OpenCVE AI on May 15, 2026 at 04:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest BIOS/UEFI firmware update from AMD that addresses the Platform Management Framework issue.
  • If an update is not yet available, temporarily disable the Platform Management Framework or restrict access to the firmware management interface until the fix arrives.
  • Regularly monitor AMD security bulletins and update procedures to ensure that the firmware contains the latest mitigations.

Advisories

No advisories yet.

History

Fri, 15 May 2026 04:45:00 +0000

Type | Values Removed | Values Added
Title | | Unchecked Return Value Enables Arbitrary Read/Write in AMD PMF

Fri, 15 May 2026 03:00:00 +0000

Type | Values Removed | Values Added
Description | | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability.
Weaknesses | | CWE-252
References | |
Metrics | | cvssV4_0: {'score': 8.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:N/SA:H'}


MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:27:14.509Z

Reserved: 2024-11-21T16:17:40.854Z

Link: CVE-2025-0028

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-15T03:16:21.080

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-0028

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z
