ByteOS Network

Vulnerability Details :

CVE-2025-62624

Assigner-AMD

Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648

Published At-13 May, 2026 | 02:58

Updated At-14 May, 2026 | 14:38

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:AMD

Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648

Published At:13 May, 2026 | 02:58

Updated At:14 May, 2026 | 14:38

▼CVE Numbering Authority (CNA)

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Affected Products

Vendor

Advanced Micro Devices, Inc.

Product

ESXi 8.x and ESXi 9.x hosts using AMD-Pensando DPU products

Default Status

affected

Versions

Unaffected

ESXi 8.0U3i, included in VCF 5.2.3.0 or 9.0.2 releases

Problem Types

Type	CWE ID	Description
CWE	CWE-122	CWE-122 Heap-based Buffer Overflow

Type: CWE

CWE ID: CWE-122

Description: CWE-122 Heap-based Buffer Overflow

Metrics

Version	Base score	Base severity	Vector
4.0	8.8	HIGH	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Version: 4.0

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Credits

Reported through AMD Bug Bounty Program

References

Hyperlink	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-2001.html	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-2001.html

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@amd.com

Published At:13 May, 2026 | 04:17

Updated At:13 May, 2026 | 14:49

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.8	HIGH	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-122	Secondary	psirt@amd.com

CWE ID: CWE-122

Type: Secondary

Source: psirt@amd.com

References

Hyperlink	Source	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-2001.html	psirt@amd.com	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-2001.html

Source: psirt@amd.com

Resource: N/A

Similar CVEs

3Records found

CVE-2025-62623

Matching Score-8

Assigner-Advanced Micro Devices Inc.

View Details

Matching Score-8

Assigner-Advanced Micro Devices Inc.

CVSS Score-8.8||HIGH

EPSS-0.01% / 3.19%

7 Day CHG~0.00%

Published-13 May, 2026 | 02:58

Updated-14 May, 2026 | 14:38

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Vendor-Advanced Micro Devices, Inc.

Product-ESXi 8.x and ESXi 9.x hosts using AMD-Pensando DPU products

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-31317

Matching Score-8

Assigner-Advanced Micro Devices Inc.

View Details

Matching Score-8

Assigner-Advanced Micro Devices Inc.

CVSS Score-8.8||HIGH

EPSS-0.01% / 3.19%

7 Day CHG~0.00%

Published-15 May, 2026 | 02:47

Updated-16 May, 2026 | 03:56

Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.

Vendor-Advanced Micro Devices, Inc.

Product-AMD Instinct™ MI250 AMD Radeon™ PRO W6000 Series Graphics Products AMD Radeon™ RX 6000 Series Graphics Products AMD Radeon™ PRO W7000 Series Graphics Products AMD Radeon™ RX 7000 Series Graphics Products AMD Instinct™ MI210

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-26330

Matching Score-6

Assigner-Advanced Micro Devices Inc.

View Details

Matching Score-6

Assigner-Advanced Micro Devices Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.12% / 30.91%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:19

Updated-16 Sep, 2024 | 18:12

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.

Vendor-Advanced Micro Devices, Inc.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7443_firmware epyc_7402p epyc_7343 epyc_7451 epyc_7252_firmware epyc_7282_firmware epyc_7543_firmware epyc_7542_firmware epyc_7f32 epyc_7763_firmware epyc_7551_firmware epyc_7272_firmware epyc_7713p epyc_7443 epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7302p_firmware epyc_7351p_firmware epyc_7453 epyc_7642_firmware epyc_7452 epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7401p epyc_7281_firmware epyc_7413_firmware epyc_7302 epyc_7601 epyc_7232p epyc_7002 epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_72f3_firmware epyc_7001 epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7502 epyc_7001_firmware epyc_75f3_firmware epyc_7662_firmware epyc_7f72_firmware epyc_7642 epyc_7451_firmware epyc_7343_firmware epyc_7532_firmware epyc_7281 epyc_7551 epyc_7502p_firmware epyc_7413 epyc_7301 epyc_7551p epyc_7313p epyc_7401p_firmware epyc_7002_firmware epyc_7313 epyc_7351p epyc_7551p_firmware epyc_7663_firmware epyc_7601_firmware epyc_7351_firmware epyc_7251 epyc_7532 epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7763 epyc_7302_firmware epyc_7713_firmware epyc_7401 epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7003_firmware epyc_7443p_firmware epyc_7003 epyc_7251_firmware epyc_7401_firmware epyc_72f3 epyc_7643 epyc_7402p_firmware epyc_7452_firmware epyc_7351 epyc_7313_firmware epyc_7543p epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7501 epyc_7501_firmware epyc_7702_firmware epyc_74f3 epyc_7352_firmware epyc_7301_firmware epyc_73f3 2nd Gen AMD EPYC™3rd Gen AMD EPYC™1st Gen AMD EPYC™

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-62624

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs