CVE-2025-36357

Опубликовано: 08 июл. 2025

Источник: msrc

CVSS3: 5.6

EPSS Низкий

Описание

AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.

Please see the following for more information:

AMD-SB-7029

FAQ

Why is this AMD CVE included in the Security Update Guide?

Please see the following for more information:

AMD-SB-7029

Обновления

Продукт	Статья	Обновление
Windows Server 2016	5062560	Security Update
Windows 10 Version 1607 for 32-bit Systems	5062560	Security Update
Windows 10 Version 1607 for x64-based Systems	5062560	Security Update
Windows Server 2016 (Server Core installation)	5062560	Security Update
Windows 10 Version 1809 for 32-bit Systems	5062557	Security Update
Windows 10 Version 1809 for x64-based Systems	5062557	Security Update
Windows Server 2019	5062557	Security Update
Windows Server 2019 (Server Core installation)	5062557	Security Update
Windows Server 2022	5062572	Security Update
Windows Server 2022 (Server Core installation)	5062572	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 5%

0.00022

Низкий

5.6 Medium

CVSS3

Связанные уязвимости

CVE-2025-36357

CVSS3: 8

nvd

около 1 месяца назад

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.

GHSA-6cc2-6px5-rx9p

CVSS3: 8

github

около 1 месяца назад

BDU:2025-09388