Cyber Posture

CVE-2023-31361

High

Published: 11 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (13.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Security Summary

CVE-2023-31361 is a DLL hijacking vulnerability in the AMD Integrated Management Technology (AIM-T) Manageability Service, published on 2025-02-11. It is classified under CWE-427 (Untrusted Search Path) and carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). It could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Exploitation requires local access to the affected system and low privileges. Attack complexity is low, but user interaction is required, such as running a malicious DLL in a context where the service searches an untrusted path. A successful attack has a high impact on confidentiality, integrity, and availability through privilege escalation and arbitrary code execution.

AMD has published security bulletin AMD-SB-9012, available at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9012.html, which provides further details on the vulnerability and mitigation measures.

Details

CWE(s)
CWE-427
