Cyber Resilience

CVE-2025-52541

High

Published: 11 February 2026

Published
11 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0015 4.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-52541 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Amd (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 4.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-3 (Malicious Code Protection) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2025-52541 is a DLL hijacking vulnerability (CWE-427) in Vivado that could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and was published on 2026-02-11T15:16:15.403.

A local attacker with low privileges (PR:L) can exploit this vulnerability, which has low attack complexity (AC:L) but requires user interaction (UI:R). Successful exploitation enables privilege escalation and arbitrary code execution with high impacts on confidentiality, integrity, and availability.

AMD has published security bulletin AMD-SB-8013 with details on the vulnerability at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8013.html.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE directly describes DLL hijacking (CWE-427) enabling local privilege escalation and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-9492Shared CWE-427
CVE-2025-33229Shared CWE-427
CVE-2026-3091Shared CWE-427
CVE-2026-21420Shared CWE-427
CVE-2024-29223Shared CWE-427
CVE-2026-7279Shared CWE-427
CVE-2024-9496Shared CWE-427
CVE-2025-48503Shared CWE-427
CVE-2024-9497Shared CWE-427
CVE-2026-22619Shared CWE-427

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces cryptographic or digital-signature verification of DLLs before loading, directly blocking the malicious replacement that enables the hijack in Vivado.

preventdetect

Malicious-code detection mechanisms can identify and block unauthorized DLLs placed in Vivado's search path before they execute.

prevent

Least-privilege execution of Vivado limits the scope of privilege escalation that a successful DLL hijack can achieve.

References