Action not permitted
Modal body text goes here.
Modal Title
Modal Body
FKIE_CVE-2025-48512
Vulnerability from fkie_nvd - Published: 2026-05-15 02:16 - Updated: 2026-05-15 14:10
Severity ?
Summary
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution."
}
],
"id": "CVE-2025-48512",
"lastModified": "2026-05-15T14:10:17.083",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "psirt@amd.com",
"type": "Secondary"
}
]
},
"published": "2026-05-15T02:16:22.597",
"references": [
{
"source": "psirt@amd.com",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3047.html"
},
{
"source": "psirt@amd.com",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "psirt@amd.com",
"type": "Secondary"
}
]
}
CVE-2025-48512 (GCVE-0-2025-48512)
Vulnerability from cvelistv5 – Published: 2026-05-15 01:45 – Updated: 2026-05-16 03:56
VLAI?
EPSS
Summary
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
55 products
Date Public ?
2026-05-15 01:49
Credits
Reported through AMD Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:09.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Renoir\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics (formerly codenamed \"Rembrandt R\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Picasso\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Phoenix\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics (formerly codenamed \"Mendocino\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Dragon Range\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors (formerly codenamed \"Raphael\"/\"Raphael X3D\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors (formerly codenamed \"Matisse\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors (formerly codenamed \"Castle Peak\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Barcelo R\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors (formerly codenamed \"Castle Peak\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Processors (formerly codenamed \"Castle Peak\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 9000HX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 AI 300 Series Processors (formerly codenamed \"Strix Point\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics (formerly codenamed \"Picasso\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors (formerly codenamed \"Chagall\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 7000 Processors (formerly codenamed \"Storm Peak\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors (formerly codenamed \"Storm Peak\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors (formerly codenamed \"Raphael\"/\"Raphael-X3D\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Desktop Processors (formerly codenamed \"Phoenix\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Desktop Processors (formerly codenamed \"Phoenix\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 9000 Series Desktop Processors (formerly codenamed \"Granite Ridge\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Cezanne\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Lucienne\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Barcelo\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors (formerly codenamed \"Renoir\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors (formerly codenamed \"Vermeer\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics (formerly codenamed \"Cezanne\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors (formerly codenamed \"Matisse\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors (formerly codenamed \"Vermeer\"/\"Vermeer-X3D\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Hawk Point\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Dali\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics (formerly codenamed \"Dali\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics (formerly codenamed \"Rembrandt\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 AI Max 300 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Z1 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "25Q3 AMD Emb [R1000 V1000] Win\u00ae Chipset WHQL certified driver - (71252)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Q2 - 2025 AMD Embedded R2000, V2000 Windows\u00ae Chipset drivers (68915)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "25Q3 AMD Emb [R1000 V1000] Win\u00ae Chipset WHQL certified driver - (71252)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Q2 - 2025 AMD Embedded R2000, V2000 Windows\u00ae Chipset drivers (68915)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 8004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Q4 - 2025 AMD Embedded Windows\u00ae Chipset drivers (71816)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 8000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Chipset drivers [7.06.02.123] (68927)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Chipset drivers [7.06.02.123] (68927)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9005 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Q4 - 2025 AMD Embedded Windows\u00ae Chipset drivers (71816)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 9000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Chipset drivers [7.06.02.123] (68927)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Server Software 8.03.16.641"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Server Software 8.03.14.329"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Server Software 8.03.14.329"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7001 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Server Software 8.03.14.329"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 4004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Chipset Driver 7.04.09.545"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9005 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Server Software 8.03.16.641"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Server Software 8.03.16.641"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9V64H Processor",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Server Software 8.03.16.641"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 8004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Server Software 8.03.16.641"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 4005 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Chipset Driver 7.04.09.545"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2026-05-15T01:49:24.634Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T01:50:06.870Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3047.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-48512",
"datePublished": "2026-05-15T01:45:05.943Z",
"dateReserved": "2025-05-22T16:34:07.747Z",
"dateUpdated": "2026-05-16T03:56:09.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…