News and Updates

URGENT: Security Risk from CVE-2025-55182 – AMD Enterprise AI Suite

Date: December 4, 2025

To: Customer

From: AMD Enterprise Stack Engineering & Security Team

Dear AMD Enterprise AI Suite user,

On the 3rd of December, critical vulnerabilities were disclosed impacting the React Server Components (RSC) and Next.js frameworks, which are components of the AMD Enterprise AI Suite. These vulnerabilities (CVE-2025-55182 and CVE-2025-66478) expose our services to unauthenticated Remote Code Execution (RCE) risks.

Given the “Critical” severity (CVSS 10.0) and the ease of exploitation (via a single HTTP request), immediate action is required.

Vulnerability Background

  • CVE-2025-55182 (React): A critical RCE vulnerability in the react-server package used by RSC. The flaw stems from insecure deserialization in the “Flight” protocol, allowing attackers to manipulate server-side execution via malformed payloads.

  • CVE-2025-66478 (Next.js): The corresponding RCE vulnerability in Next.js, which inherits the flaw.

  • Risk Profile: The exploit is unauthenticated, remote, and has near-100% reliability in default configurations. No developer code changes are needed for an app to be vulnerable; standard deployments are at risk.

For more information, please refer to the external analysis: Wiz.io Blog Post

Impact on AMD Enterprise AI Suite

The AMD Enterprise AI Suite is confirmed to rely on the affected versions of React and Next.js. Any AMD Enterprise AI Suite deployment or public-facing application is currently exposed to full server compromise.

Affected Versions & Remediation

Please verify your AMD Enterprise AI Suite version and upgrade immediately.

Affected Versions

AMD Enterprise AI Suite version v1.5.2 and earlier

Remediation

  1. Get the gitea-admin-credentials from Kubernetes / k9s secrets.

  2. Log in with a browser to https://gitea.

  3. Log in as silogen-admin using the credentials from step 1.

  4. Locate the values_cf.yaml file, e.g. https://gitea./cluster-org/cluster-values/src/branch/main/values_cf.yaml

  5. Change the value on line 3 to “targetRevision: v1.5.3”.

  6. Scroll down and click Commit Changes.

  7. Wait 5 minutes for ArgoCD to sync.

  8. You can also verify the upgrade by using the same procedure as above to log in to ArgoCD with admin / argocd-initial-admin-secret, and checking that the version in the comment field under sync is v1.5.3.
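To audit a local copy of values_cf.yaml (for example across several cluster repositories) before or after the edit in step 5, the following check reports whether the pinned release falls in the affected range. It is an added example, not AMD tooling; the function names, the sample file layout and the assumption that the release is pinned by a single `targetRevision: vX.Y.Z` line are illustrative.

```shell
#!/bin/sh
# Added example: report whether a values_cf.yaml pins an affected release.
# Per the advisory, v1.5.2 and earlier are affected and v1.5.3 is the fix.
# Assumptions: the release is pinned by a "targetRevision: vX.Y.Z" line and
# releases newer than v1.5.3 keep the fix.

# Print the first targetRevision value, without comment, padding or quotes.
get_target_revision() {
    sed -n 's/^[[:space:]]*targetRevision:[[:space:]]*//p' "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print "affected", "patched", or "unknown" (branch name, SHA, empty value).
classify_revision() {
    rev=${1#v}
    printf '%s\n' "$rev" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' ||
        { echo unknown; return 0; }
    IFS=. read -r maj min pat <<EOF
$rev
EOF
    if [ "$maj" -lt 1 ] ||
       { [ "$maj" -eq 1 ] && [ "$min" -lt 5 ]; } ||
       { [ "$maj" -eq 1 ] && [ "$min" -eq 5 ] && [ "$pat" -lt 3 ]; }; then
        echo affected
    else
        echo patched
    fi
}

check_values_file() {
    classify_revision "$(get_target_revision "$1")"
}

# Constructed sample file (not a real cluster's values) for a dry run.
write_sample() {
    printf '%s\n' 'global:' '  repoURL: http://example.invalid/repo.git' \
        "  targetRevision: $1" > "$2"
}

# Usage: sh check_revision.sh path/to/values_cf.yaml
# Exit status is non-zero unless the file pins a patched release.
if [ $# -gt 0 ]; then
    status=$(check_values_file "$1")
    echo "$1: $status"
    [ "$status" = patched ]
fi
```

An "unknown" result means the revision is not a release tag the script can compare, so that file needs a manual look rather than being treated as safe.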

Support

For issues during the upgrade, please contact amd-eai-support@amd.com.

Please do not hesitate to contact us on this issue or any other technical matter concerning AMD Enterprise AI Suite.

Best regards,