AMD Ryzen 9000HX Processors prior FireRangeFL1PI 1.0.0.0e entropy in trng
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in AMD Ryzen 9000HX Processors. This affects an unknown part. The manipulation leads to entropy in trng. This vulnerability is traded as CVE-2025-62626. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in AMD Ryzen 9000HX Processors. It has been rated as problematic. This issue affects some unknown processing. The manipulation with an unknown input leads to a entropy in trng vulnerability. Using CWE to declare the problem leads to CWE-333. True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values.
The advisory is shared at amd.com. The identification of this vulnerability is CVE-2025-62626 since 10/16/2025. The exploitation is known to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1600.001 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 277748 (Amazon Linux 2 : linux-firmware, --advisory ALAS2-2025-3092 (ALAS-2025-3092)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version FireRangeFL1PI 1.0.0.0e eliminates this vulnerability.
The vulnerability is also documented in the databases at Tenable (277748) and EUVD (EUVD-2025-198505). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: entropy in trngCWE: CWE-333 / CWE-331 / CWE-330
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 277748
Nessus Name: Amazon Linux 2 : linux-firmware, --advisory ALAS2-2025-3092 (ALAS-2025-3092)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Ryzen 9000HX Processors FireRangeFL1PI 1.0.0.0e
Timeline
10/16/2025 CVE reserved11/21/2025 Advisory disclosed
11/21/2025 VulDB entry created
12/09/2025 VulDB entry last update
Sources
Advisory: amd.comStatus: Confirmed
CVE: CVE-2025-62626 (🔒)
GCVE (CVE): GCVE-0-2025-62626
GCVE (VulDB): GCVE-100-333269
EUVD: 🔒
Entry
Created: 11/21/2025 21:15Updated: 12/09/2025 07:12
Changes: 11/21/2025 21:15 (64), 11/22/2025 03:21 (1), 12/09/2025 07:12 (2)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.