← Back
2026-05-13 2:58CVE-2025-62624AMD
PUBLISHED5.2CWE-122

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Problem type

Affected products

AMD

ESXi 8.x and ESXi 9.x hosts using AMD-Pensando DPU products

ESXi 8.0U3i, included in VCF 5.2.3.0 or 9.0.2 releases - UNAFFECTED

References

amd.com

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-2001.html

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-62624
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-62624",
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "dateUpdated": "2026-05-13T02:58:55.265Z",
    "dateReserved": "2025-10-16T20:46:13.455Z",
    "datePublished": "2026-05-13T02:58:55.265Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD",
        "dateUpdated": "2026-05-13T02:58:55.265Z"
      },
      "datePublic": "2026-05-13T02:56:46.620Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.<br>"
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "AMD",
          "product": "ESXi 8.x and ESXi 9.x hosts using AMD-Pensando DPU products",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "ESXi 8.0U3i, included in VCF 5.2.3.0 or 9.0.2 releases",
              "status": "unaffected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-122  Heap-based Buffer Overflow",
              "cweId": "CWE-122",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-2001.html"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported through AMD Bug Bounty Program"
        }
      ]
    }
  }
}