CVE-2025-48511

5.5 MEDIUM

📋 TL;DR

This vulnerability in AMD uProf allows a local attacker to write to arbitrary physical memory addresses due to improper input validation. This could lead to system crashes or denial of service. Only systems with AMD processors using the vulnerable uProf component are affected.

💻 Affected Systems

Products:
  • AMD processors with uProf component
Versions: Specific versions not detailed in advisory; check AMD-SB-9019 for exact affected products
Operating Systems: Linux, Windows, Other OS with AMD processor support
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system; exact processor models and firmware versions need verification from AMD advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or persistent denial of service requiring physical intervention to restore functionality.

🟠 Likely Case

System instability, application crashes, or temporary denial of service affecting the local machine.

🟢 If Mitigated

Limited impact with proper access controls and monitoring in place.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers on the same system could cause disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of physical memory layout; no public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check AMD advisory for specific firmware/BIOS updates

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html

Restart Required: Yes

Instructions:

1. Visit AMD advisory AMD-SB-9019
2. Identify affected processor model
3. Download appropriate firmware/BIOS update from AMD
4. Apply update following manufacturer instructions
5. Reboot system

🔧 Temporary Workarounds

Restrict local access (applies to: all)

Limit physical and remote local access to systems with vulnerable AMD processors

Monitor system stability (applies to: all)

Implement monitoring for system crashes or unusual behavior that could indicate exploitation attempts

🧯 If You Can't Patch

  • Isolate affected systems from critical networks
  • Implement strict access controls and monitoring for local privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check processor model and firmware version against AMD advisory AMD-SB-9019

Check Version:

Linux: 'sudo dmidecode -t bios' or 'cat /proc/cpuinfo'; Windows: 'wmic bios get smbiosbiosversion' or 'systeminfo'

Verify Fix Applied:

Verify firmware/BIOS version has been updated to patched version specified in AMD advisory

📡 Detection & Monitoring

Log Indicators:

  • System crash logs
  • Kernel panic messages
  • Unexpected system reboots

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for system crash events, kernel panics, or unexpected reboots on AMD systems
