CVE-2025-48510

7.1 HIGH

📋 TL;DR

An improper return value vulnerability in AMD uProf allows local attackers to bypass Kernel Security Lockdown Restrictions (KSLR), potentially enabling unauthorized access to sensitive system information or causing denial of service. This affects users running vulnerable versions of AMD uProf software on their systems.

💻 Affected Systems

Products:
  • AMD uProf
Versions: Specific versions not detailed in reference; consult AMD advisory for exact affected versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system. KSLR bypass specifically affects AMD systems with this security feature enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through privilege escalation, allowing attackers to access sensitive kernel data, modify system configurations, or crash the system.

🟠 Likely Case

Local attackers bypass security restrictions to read protected kernel memory, potentially exposing sensitive information like encryption keys or credentials.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, though some information disclosure may still occur.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Malicious insiders or compromised accounts with local access can exploit this to bypass security controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and understanding of AMD uProf's internal workings. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check AMD advisory for specific patched version

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html

Restart Required: Yes

Instructions:

1. Visit AMD security advisory page.
2. Download latest AMD uProf version.
3. Uninstall current version.
4. Install updated version.
5. Restart system.

🔧 Temporary Workarounds

Restrict uProf Access (all platforms)

Limit which users can run AMD uProf to reduce attack surface

Disable uProf Service (all platforms)

Stop and disable uProf service if not required

Linux: sudo systemctl stop amduprof
Windows: sc stop "AMD uProf Service"

🧯 If You Can't Patch

  • Implement strict access controls to limit who can run AMD uProf
  • Monitor for unusual uProf process activity and kernel access attempts

🔍 How to Verify

Check if Vulnerable:

Check AMD uProf version against advisory. Run: amduprof --version (Linux) or check program properties (Windows)

Check Version:

amduprof --version

Verify Fix Applied:

Verify installed version matches patched version from AMD advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual uProf process activity
  • Failed KSLR enforcement attempts
  • Unexpected kernel memory access

Network Indicators:

  • Local privilege escalation attempts typically don't generate network traffic

SIEM Query:

Process:amduprof AND (EventID:4688 OR ParentProcess:unusual)
