AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windows Environments

Researchers reported vulnerabilities within AMD Secure Processor PCI, general purpose input output controller, and Revenera InstallShield. These are delivered as part of the AMD Server Software and Embedded Chipset Driver packages for Windows environments. The company has made mitigations available to address the issues. AMD released mitigations and recommends updating to the Windows driver versions for its EPYC series processors. The same advice applies to users of AMD EPYC embedded series processors. The updates mitigate the reported vulnerabilities in the driver packages. AMD thanked bug bounty researcher Aobo Wang for reporting CVE-2025-29944, CVE-2025-48512, and CVE-2025-48521. The company also credited Jörg Ellebruch for submitting the report on CVE-2025-0045. Ba1 Ma0 of Sichuan Surong Xinchuang Technology Co Ltd reported CVE-2026-0432. Whatevicanhaz reported CVE-2024-14012. The researchers engaged in coordinated vulnerability disclosure with the company.