#VU117652 Insufficient Entropy in AMD products - CVE-2025-62626

 


Published: October 24, 2025


Vulnerability identifier: #VU117652
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-62626
CWE-ID: CWE-331
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
AMD EPYC 9005
AMD EPYC Embedded 9005
Ryzen 9000
Ryzen 9000HX
Ryzen AI 300
Ryzen AI Z2
Ryzen AI Max 300
Ryzen Threadripper 9000
Ryzen Threadripper PRO 9000 WX
Ryzen Z2
AMD EPYC Embedded 4005
Ryzen Embedded 9000
Software vendor:
AMD

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient entropy in Zen 5 processors: the RDSEED instruction returns 0 at a rate inconsistent with randomness while incorrectly signaling success (CF=1), so a failure may be misclassified as success. A local user can escalate privileges on the system.
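
The following is an added example, not code from the advisory or from AMD: a C wrapper that refuses a 0 result even when RDSEED reports CF=1, retries, and fails closed. The function names, the retry budget and the simulated sources are assumptions made for illustration; rejecting 0 discards one legitimate value in 2^32.

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*seed_fn)(uint32_t *out);  /* returns CF: 1 = success reported */
enum { SEED_RETRIES = 16 };             /* assumed retry budget */

#if defined(__x86_64__) || defined(__i386__)
/* Hardware source: executes RDSEED and returns the carry flag it sets. */
int hw_rdseed32(uint32_t *out) {
    unsigned char cf;
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(*out), "=qm"(cf) : : "cc");
    return cf;
}
#endif

/* Fetch one 32-bit seed from src. CF=0 means no entropy yet; CF=1 with a
 * value of 0 is the symptom described above and is treated as a failure.
 * Returns 0 on success, -1 when the retry budget is exhausted. */
int seed32_checked(seed_fn src, uint32_t *out, unsigned *zero_hits) {
    for (int i = 0; i < SEED_RETRIES; i++) {
        uint32_t v = 0;
        if (!src(&v))
            continue;                    /* honest failure, try again */
        if (v == 0) {                    /* "success" that carries no entropy */
            if (zero_hits)
                (*zero_hits)++;          /* count it for logging or alerting */
            continue;
        }
        *out = v;
        return 0;
    }
    return -1;  /* caller must fail closed or use another entropy source */
}

/* Constructed stand-ins for an affected core (not real hardware output). */
static unsigned sim_calls;
int sim_faulty(uint32_t *out) {          /* three bogus zeros, then a value */
    *out = (sim_calls++ < 3) ? 0u : 0x9e3779b9u;
    return 1;
}
int sim_stuck(uint32_t *out) { *out = 0; return 1; }  /* always 0 with CF=1 */

int main(void) {
    uint32_t v = 0; unsigned zeros = 0;
    int rc = seed32_checked(sim_faulty, &v, &zeros);
    printf("rc=%d seed=0x%08x rejected_zeros=%u\n", rc, (unsigned)v, zeros);
    return rc == 0 ? 0 : 1;
}
```

On an x86 build, passing `hw_rdseed32` instead of a simulated source exercises the real instruction; a non-zero `zero_hits` count is worth logging.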


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
