CVE-2025-54519
Published: 12 February 2026
Summary
CVE-2025-54519 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Amd (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002); ranked at the 5.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE directly describes a DLL hijacking flaw (CWE-427) enabling local privilege escalation and arbitrary code execution, mapping to DLL Side-Loading and Exploitation for Privilege Escalation.
NVD Description
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Deeper analysisAI
CVE-2025-54519 is a DLL hijacking vulnerability (CWE-427) in Doc Nav that could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. The vulnerability affects Doc Nav and was published on 2026-02-12 with a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability through low-complexity attack methods that require user interaction. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data, modification of system integrity, and disruption of availability, all within the original privilege context.
Mitigation details are provided in the AMD security bulletin AMD-SB-8013, available at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8013.html.
Details
- CWE(s)