Moole Vulnerability Database

Find real vulnerabilities before they ship

Medium

CVE-2025-62619

Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality.

VectorNETWORK

PublishedMay 14, 2026, 15:16

Published Bypsirt@amd.com

Base Score

Score6.3

Affected Versions

No affected versions found.

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9023.html

Weakness Type

CWE-306

CVSS Metrics

Base Score

6.3

Vector String

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base SeverityMedium

Version

4.0

Attack Vector (AV)

NETWORK