Cyber Resilience

CVE-2025-54519

High

Published: 12 February 2026

Published
12 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0012 2.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-54519 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Amd (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 2.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2025-54519 is a DLL hijacking vulnerability (CWE-427) in Doc Nav that could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. The vulnerability affects Doc Nav and was published on 2026-02-12 with a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability through low-complexity attack methods that require user interaction. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data, modification of system integrity, and disruption of availability, all within the original privilege context.

Mitigation details are provided in the AMD security bulletin AMD-SB-8013, available at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-8013.html.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE directly describes a DLL hijacking flaw (CWE-427) enabling local privilege escalation and arbitrary code execution, mapping to DLL Side-Loading and Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-29223Shared CWE-427
CVE-2024-9496Shared CWE-427
CVE-2025-48503Shared CWE-427
CVE-2022-28339Shared CWE-427
CVE-2025-69784Shared CWE-427
CVE-2024-55540Shared CWE-427
CVE-2024-9490Shared CWE-427
CVE-2025-0069Shared CWE-427
CVE-2025-57836Shared CWE-427
CVE-2025-21206Shared CWE-427

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventdetect

Verifies integrity of executable code and libraries before loading, directly blocking replacement or hijacking of Doc Nav DLLs.

prevent

Restricts the application to only approved, signed DLLs and disables unsafe search-order behavior that enables the hijack.

preventdetect

Scans and blocks malicious DLLs at load time or via application whitelisting, mitigating the arbitrary-code-execution path.

References