Improper Cleanup Vulnerability in AMD CPU Microcode
CVE-2025-0032

7.2HIGH

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9005 Series Processors; Amd Ryzen™ Ai 300 Series Processors; Amd Ryzen™ 9000 Series Desktop Processors; Amd Ryzen™ 9000hx Series Processors
Vendor: CVE Published:; 6 September 2025

What is CVE-2025-0032?

An improper cleanup vulnerability has been identified in the AMD CPU microcode patch loading process. This issue allows an attacker with local administrator privileges to exploit the vulnerability by loading malicious CPU microcode. If successfully executed, this could lead to a significant compromise of the integrity of x86 instruction execution within affected AMD processors. Organizations and users are urged to apply the necessary security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

AMD EPYC™ 9005 Series Processors TurinPI 1.0.0.4

AMD EPYC™ Embedded 9000 Series Processors Embturin PI 1.0.0.0

AMD Ryzen™ 9000 Series Desktop Processors ComboAM5PI 1.2.0.3c

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2025
Vulnerability Reserved
Nov 21, 2024

Amd

What is CVE-2025-0032?

Affected Version(s)

References

CVSS V3.1

Timeline