Cyber Resilience

CVE-2023-31361

High

Published: 11 February 2025

Published
11 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0024 15.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2023-31361 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Amd (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 15.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-31361 is a DLL hijacking vulnerability in the AMD Integrated Management Technology (AIM-T) Manageability Service. Published on 2025-02-11, this issue, classified under CWE-427 (Untrusted Search Path), carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H) and could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

The vulnerability can be exploited by an attacker with local access to the affected system and low privileges. Exploitation requires low complexity but user interaction, such as running a malicious DLL in a context where the service searches an untrusted path. Successful attacks enable high-impact confidentiality, integrity, and availability violations through privilege escalation and arbitrary code execution.

AMD has published security bulletin AMD-SB-9012, available at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9012.html, which provides further details on the vulnerability and mitigation measures.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE directly describes DLL hijacking via untrusted search path (T1038) enabling local privilege escalation and code execution (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7279Shared CWE-427
CVE-2024-9497Shared CWE-427
CVE-2026-3775Shared CWE-427
CVE-2025-65118Shared CWE-427
CVE-2024-9494Shared CWE-427
CVE-2024-9499Shared CWE-427
CVE-2024-9495Shared CWE-427
CVE-2026-24502Shared CWE-427
CVE-2024-9492Shared CWE-427
CVE-2025-33229Shared CWE-427

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Remediating the specific DLL hijacking flaw in AMD AIM-T Manageability Service via vendor patches from AMD-SB-9012 directly prevents exploitation.

prevent

Requiring digital signatures for DLLs and other components ensures the service only loads trusted binaries, blocking malicious DLLs from untrusted paths.

prevent

Secure configuration settings for DLL search order and path restrictions prevent the service from loading DLLs from writable or untrusted directories.

References