CVE-2025-29933

5.5 MEDIUM

📋 TL;DR

This vulnerability in AMD uProf allows a local attacker to perform out-of-bounds memory writes through improper input validation. This could lead to application crashes or denial of service conditions. Only users running AMD uProf on their systems are affected.

💻 Affected Systems

Products:
  • AMD uProf
Versions: Versions prior to 3.6.732.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where AMD uProf is installed and running

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system instability or persistent denial of service requiring system reboot

🟠 Likely Case

Application crash affecting uProf functionality and potentially disrupting performance monitoring

🟢 If Mitigated

Limited impact to the uProf application only, with no system-wide effects

🌐 Internet-Facing: LOW - Exploitation requires local access to the system
🏢 Internal Only: MEDIUM - Internal users with local access could disrupt monitoring tools

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the vulnerability to exploit

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.732.0

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html

Restart Required: Yes

Instructions:

1. Download AMD uProf version 3.6.732.0 or later from AMD's official website
2. Uninstall the current vulnerable version
3. Install the updated version
4. Restart the system to ensure all components are properly loaded

🔧 Temporary Workarounds

Disable or remove AMD uProf

Platform: all

Uninstall AMD uProf if it's not essential for system operations

Windows: Control Panel > Programs > Uninstall a program > Select AMD uProf > Uninstall
Linux: sudo apt remove amduprof (or equivalent package manager command)

Restrict local access

Platform: all

Limit local user access to systems running AMD uProf

🧯 If You Can't Patch

  • Restrict local user privileges on affected systems
  • Monitor for abnormal uProf process behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Check AMD uProf version in application settings or via command line: Windows - check installed programs list; Linux - check package version

Check Version:

Windows: Check in uProf GUI under Help > About; Linux: amduprof --version or check package manager

Verify Fix Applied:

Verify AMD uProf version is 3.6.732.0 or later

📡 Detection & Monitoring

Log Indicators:

  • AMD uProf application crashes
  • Access violations or memory errors in system logs
  • Unexpected termination of uProf processes

Network Indicators:

  • No network indicators - this is a local vulnerability

SIEM Query:

(EventID=1000 OR EventID=1001) AND (ProcessName="uProf.exe" OR (Source="Application Error" AND Description contains "uProf"))
